Slashdot Mirror


Where are the 'Modern' Directory Services?

MarcQuadra asks: "I've been a Linux user since 1998, and I admin Mac OS X machines at work, but I have yet to find a distribution that comes out-of-the-box with modern directory services. Sure, there are guides to kerberize and set up OpenLDAP, but before I can start pushing Linux as an alternative at work I'll need a few things. Are there any distributions out there that can auto-mount SMB shares as home directories without heavy modification? How about a distro that's based on OpenLDAP and can easily be configured with LDAP-enabled SAMBA and Kerberos? Am I missing something, or is this not a priority with the community at-large?"

14 of 504 comments

  1. Gee... by TheCabal · · Score: 5, Insightful

    Sounds like you want Windows and Active Directory.

    1. Re:Gee... by TheCabal · · Score: 5, Insightful

      Dude (since we're apparently on an informal basis)

      I help run what is probably one of the largest AD implementations in the country, if not the world. Your perception of AD is true only under certain lamebrained implementations. It IS possible to totally ignore the AD hierarchy and go for a "flat" NT4-style domain structure, but people who set those up should be severely beaten about the face and ears, and never allowed near a server again. If your ADs are like that, get a new job.

    2. Re:Gee... by Maxwell · · Score: 2, Insightful

      People that have never used NDS think AD is really great.

      People that have used NDS are stunned at the HUGE loss of functionality they suffer by moving from NDS to AD and hate it, and its stupid limitations every day.

      AD 2003 is not even at NDS with Netware 4.11 level yet. It is truly astonishing how petty AD is - but you and many people like you think it is just great.

      Just wait until they integrate application publishing with it! Desktop settings! File services! The ability to replicate parts of the tree independently! Email! Wow, won't that be great?? All that would put you at ~ 1999.

      MS blatantly rips off the rest of the industry, I wish they would hurry up and copy NDS COMPLETELY now. Instead you get 'good enough' AD.

      JON

    3. Re:Gee... by AlphaSys · · Score: 3, Insightful

      FOO: YHBT, I think. You don't use a workgroup either. A domain is a domain, a security group is a security group and an organizational unit is an organizational unit (I can see how that can be confusing). You do not have to have anything other than a parent domain to support an OU and OUs can nest any imaginable way and have a single parent domain. You really don't know what you're talking about so sit back and listen a little. OUs are not to be used for the same reasons as the old "resource domains" of NT yore. I explain it really simply for folks who ask about it... "OUs are for what can be done TO the objects contained, Group Membership is for what can be done BY the objects contained"

      When I said the migrations were big wins for the customers, I AM generally speaking in terms of managing tens of thousands of users at a time. But I am also talking about more than that -- I am talking about their ability to write custom directory-aware applications. This is the big void (I'm not going to say failing because it is not impossible, it's just that no one is quite there yet) in the *N*X world.

      When MS designed AD, they designed it with the same thing in mind they design everything -- end-user extensibility. Group policy is a very workable swiss-army-knife of tools for the admin to make administration much easier. Developers are easily able to build on it in a very good OO manner. They also built a fair amount of standards-based interoperability into it so that anyone with familiarity with LDAP, Kerberos, etc. was going to be able to get into programming for it quickly. They made the integration super tight between it and other core OS services -- Kerberos, DFS, RADIUS, RRAS, Message Queueing, etc., etc. -- as well as their flagship products that sell separately including Exchange, SQL2K, ISA and everything they've come out with beyond that. I've never been an MS fanboy as far as their business practices go, and I have cursed Win9x and NT4 installations more than a vast majority of posters here. But MS is starting to get some things right as far as their products go. Before, they were an easy target for the RH and the SuSE of the world (hell, the Debs and Slackwares too, even BSDs for crying out loud) to target by saying "they're too unreliable and difficult to configure to do enterprise computing with". Those days are coming to an end. While millions of FOSS contributors have trained their eyes on the desktop, MS has transcended it and is poised to gain back the market that made FOSS a threat to begin with: enterprise computing. And all they had to concede was 10% web browser share. It's time for the major vendors to put their thinking hats on. And maybe it is time for them to think about working together again too. They've all been thinking, "hey, it's FOSS, but I can still put some widgets onto the pieces I glue together and call it proprietary and sell it for the same prices as MS or even more". RH is all about it. SuSE is too. But what you end up with are separate incompatible implementations of enterprise-grade features. What's worse, the RH and the SuSE of the world are still at the whim of whoever maintains the components they have glued onto. Sure, they can fork and maintain their own if they have to, but they specifically do not want to.

      I think the top ten vendors need to form a consortium to delineate about five goals that they want to see in enterprise features, agree on thorough, complete specifications, and then engage the community with cash and other incentives to get it done. And when the goals are realized, the results need to be free enough that all distros can interoperate. When you encumber others' rights to do one thing with the software, you encumber all abilities to do anything in a truly interoperable manner. The major vendors need to figure out how they're going to benefit from the features being available without encumbering them or they will remain behind MS just because MS got ahead of them and the FOSS community is too fragmented. When there are c

      --
      Can I bum a sig? I left mine at the office.
    4. Re:Gee... by hostyle · · Score: 2, Insightful

      The one pushed by the convicted monopolist? I'm just guessing here.

      --
      Caesar si viveret, ad remum dareris.
    5. Re:Gee... by schon · · Score: 2, Insightful

      All I got when I complained there wasn't any tools to help setup some fairly basic networking options

      So, you *complained* that someone wasn't doing something for you for free, and people were dismissive - and you were surprised?

      Here's a tip for you: don't complain. When you complain you come off as a whiny brat. If something you need doesn't exist, either ask someone *nicely* if it could be included (or when they're planning to implement it.)

      Most networking setup doesn't require knowledge of C or C++; shell/perl would probably do.

      four or five years later we're still sitting around waiting for that sorta thing

      To quote Tonto, what do you mean by "we", kemosabe?

      I find it really funny

      It's funny because you alienate people, and then they *don't* do what you want them to? Yes, you're right it is funny - but it's probably not funny in the way that you think.

  2. LDAP is critical to Linux's survival now. by Zombie+Ryushu · · Score: 5, Insightful

    LDAP, Kerberos, Samba and all the things that come with that are critical to Linux's survival now. Linux will either live or Die on its ability to use LDAP, Kerberos, SSL and Samba.

    LDAP is Linux's ultimate ability that permeates everything Linux can do and makes the many pieces of Linux whole. Only the greatest of Linux Users can use LDAP.

    The thing is, it's too damn hard, too damn difficult, and there is not enough documentation and configuration tools for LDAP out there. I've spent three years on LDAP - I know.

  3. Small demand by jmorris42 · · Score: 3, Insightful

    Yes having a setup for LDAP with SAMBA tied in would be a plus, you have to consider why it hasn't happened yet.

    Only fairly large shops NEED that and they only need to set it up once. The existing howtos appear to be addressing that need well enough that it has not become a big enough itch for anyone to scratch. Again, because once you know enough about it to write the wizards to make setting it all up easy, you have your site done and will probably never need to do it again. So until a distro vendor sees it as a big enough selling feature to undertake the work I doubt it will happen.

    --
    Democrat delenda est
  4. Re:Linux instead of OS X? by Leo+McGarry · · Score: 2, Insightful

    The money you spend on new hardware will be far less than what you'll spend in time and trouble getting a half-assed Linux solution together.

    You want Mac OS X Server. Trust me on this.

  5. Re:OS X Server has it built in... Open Directory by Leo+McGarry · · Score: 3, Insightful

    Because 'the people upstairs' who make purchasing decisions are dead-set on x86 hardware in the server room.

    They are wrong. Explain this to them. That's part of your job.

    Also, there's perfectly good x86 hardware in there now, I'd rather use it than pay Apple for new metal.

    Given that this "perfectly good x86 hardware" is absolutely incapable of doing what you want it to do without a massive investment of time and effort, it seems obvious to me that it's not "perfectly good" at all, is it?

    Run the numbers. You will find that buying an Xserve will cost you much less than trying to make your jury-rigged solution work.

  6. Re:Netware by Anonymous Coward · · Score: 2, Insightful

    Grab a copy of Open Enterprise Server from Novell. It's in open beta and is basically what you are asking for. It may be more than you're asking for actually as they offer lots more services than you need.

    I have had a chance to play with it, it's Suse with Netware services on it basically. NDS is probably the nicest directory out there and it has LDAP built into it so you can connect other Linux distros into it if you don't want to just run OES.

    They have made Samba talk to NDS so you create user objects in NDS and it works throughout the system. They plan on replacing Netware with OES so it's well polished.

  7. Re:Novell eDirectory by swdunlop · · Score: 2, Insightful

    Dunno, they've been in business quite a bit longer than any other major Linux supporter, excepting IBM. I don't think Novell will be disappearing any time soon.

  8. Re:Linux instead of OS X? by archen · · Score: 2, Insightful

    Well I'm not sure about how much you've got invested in PC's already, but I think OSX is more of an investment. Microsoft and Linux require faster and faster hardware every year, while OSX gets faster and faster on the same hardware. Assuming this trend continues, this could reduce your upgrade cycle quite a bit.

  9. Re:Sure, WinXp by Zero+Sum · · Score: 2, Insightful

    OK, fair comment. I'm multi-tasking right now and I'm old and not that good at it, so perhaps I did not make myself clear.

    The thing in contention here is "demand". Now, OK, frex; IE has 90% of the market, Firefox less than 10%. A conventional view says that IE is in considerably more demand than Firefox (or Opera). Now, all right, I can accept that, but I don't agree with it. The bottom line is that no one (or very few) actually want IE but they have it and don't want another browser enough to learn how to download and install (or are not permitted to... or...). Given that you had to choose and download a browser would the ratio of 90/8/2 (IE/Firefox/Opera) be the same? I sincerely and very strongly doubt that that is the case. IE is crap in comparison to either of the others mentioned. So when people talk about "demand" or "market demand" they are not talking about demand in the English use of the word at all. They are talking about usage figures not how much one product is valued/wanted/desired over another. If the "market" was on equal standing the situation would be very different.

    So, what I mean when I say there is no "demand" for MS products is that no one really likes them. No one really wants them. And if there was something that was not harder for them to deal with and they had a real choice they would abandon MS gleefully and rapidly.

    I'm actually quite sick of the pro-anti-Microsoft war and don't particularly care much about it, but that isn't going to make me abandon the truth of things. MS is a bag of worms, Linux was developed from a terminal emulator and shows it, UNIX (although my favourite) is thirty year old concepts overlaid with patches and extensions usually badly implemented. It is _all_ crap. Live with it.

    Anyway, it will all pass. MS has most likely had its day in the Sun. Its optimal strategy for long term survival now would be to fund say, twenty guys to work on Hurd (and maybe another 20 for EROS too). To stay ahead and set directions, to truly open just about everything except the UI. In the end it is only the UI - the user experience - that is important. So, right now, MS has sufficient resources to fund as much of the OSS movement as it wants. If it (MS) funded say 1/3 of the current OSS developers, how could it not stay in front? Wouldn't worldviews suddenly change?

    --

    Zero Sum (don't amount to much). [root@localhost]