Slashdot Mirror
Red Hat Opens Netscape Directory
suezz writes " Eweek is running a story that Redhat is releasing Netscape Directory (LDAP) under the GPL - this is huge at least from my point of view. I know of at least two huge companies that have standardized on Netscape Directory for their web applications."
Red hat paid $20.5 million for this LDAP. Will they get that in return? Is it possible with this type of software?
I think this is a good thing, I'm just honestly curious, having messed around with OpenLDAP, and never really doing much with ND.
What's the major differences, feature-wise not philosophy-wise (no Free vs free vs Open vs open rants).
I don't need no instructions to know how to rock!!!!
How does this improve my user experience?
How can using ND make my life, as a user/administrator/purveyor of exotic animals, easier?
I think that is a useful question to ask any time a "new" feature is presented.
I know this story is going to prompt people wanting to know how the Netscape directory server compares with OpenLDAP. I've never used the Netscape one but what I would really love to know is how does it stack up against Novell eDirectory? eDirectory isn't open source but the licenses are damn cheap, the first 250,000 licenses are free. Any LDAP experts care to share their opinions?
"Goodness, that is a lot of money."
Remember this next time someone compares Redhat to Microsoft.
This is probably a stupid, domain-specific question.
I was recently trying to embed my JRun eServer through an SMB pipe to an NNTP share running on a remote VNC server without having to use the required intranet JVM. Would it be possible to attempt to lower my TCO using ND by utilizing the Active Directory installations in one division of the company while retaining administrator rights on the Linux network at the co-loc's Apache web server?
Money isn't a big issue, but keeping costs down is better than paying out the nose, naturally.
Is this some kind of BitTorrent search engine ?
-- "It's not stalking if you're married!" My Wife.
How will this help us liberate copyrighted music and movies? If not, you've got the wrong site.
BOHICA.
I thought it was Open Directory Project.
I've used OpenLDAP and Netscape Directory Server. NDS is a *very very very* cool product. It's easy to use, scales like there's no tomorrow (it was the backend for a lot of the older Netscape Netcenter sign on functions) and it's nice & documented. (I still have books for it)
Red Hat releasing it under the GPL is a good thing, any way that you look at it. Cool product, "big name company" supporting it, and oodles of applications that can already use many of its functions.
Now, if someone would slurp up Netscape Calendaring Server and release *that* under the GPL..
If the Netscape SuiteSpot Server suite still existed and was under the GPL, there's your Exchange-killer right there.
That all depends.
Can you provide me with an internet connection that is compatable with my token ring ethernet configuration?
I don't need no instructions to know how to rock!!!!
Can RH possibly integrate the http://hula-project.org/ into this roll out? I would really like to have THE non-M$ directory/email/calendaring system running for my school district: single sign-on and email accounts for teachers, staff, students, parents... with Mac OS X Server directory delegation, Kerberos, etc.
A killer kombination for Open Source.
Aren't both of these largely Tim Howes work from UMich?
Does the user authentication they talk about in tfa do the important parts of what Palladium was supposed to do? Everyone was VERY upset about Palladium and rightly so. It would have removed our control of our own computers.
It sounds to me as if this would make Palladium unnecessary. Or, as often happens, have I missed something?
Now if they would only open source Netscape calendaring...
You can do distributed authentication, mail routing, etc with LDAP, yes. Building most of the features of AD would involve lots of custom hacking though - for example, to do software auto-installs on log-in.
;-)
There's a lot more writing of custom schema and swearing with LDAP than there is with AD, and a LOT less good documentation, but once it works it stays working, unlike AD
"Now, if someone would slurp up Netscape Calendaring Server and release *that* under the GPL..
If the Netscape SuiteSpot Server suite still existed and was under the GPL, there's your Exchange-killer right there."
If it wasn't an "exchange-killer" before? What makes you think open-sourcing it is going to change that?
My first ever experience with LDAP was with openldap, and it took 10 minutes to configure, and then maybe an hour to work out how I wanted my schema, and write an ldif of it to import. Unless it used to be significantly different than it is now, I can't see any way anyone could think its hard to configure.
Isn't Sun's Directory Server based off this as well? I thought they'd acquired all the old Netscape stuff back in the Netscape/iPlanet days.
Where are the other bits of software that once was Netscape Suitespot?
Netscape Calendar was not actually developed by Netscape, but was a version of CS&T's CorporateTime system. CS&T later renamed to Steltor, and is now part of Oracle, CorporateTime forming a large part of their colloboration suite.
Both Netscape and Sun got copies of everything when iPlanet split. Sun still develops and sells them, first as Sun ONE, now as Java Enterprise System. Netscape tried to keep development going for a while, but it kind of stagnated (much in the same way that the Netscape browser stopped moving after the AOL aquisition).
Redhat also got Certificate Server and Enteprise Server (the web server) as part of their deal, see http://www.redhat.com/software/rha/netscape/ for more.
So where is the other Netscape software? I'm mostly talking about Messaging Server, which is an awesome piece of software, and Collabra Server, which .. isn't. Presumably they're still kicking around in a CVS in the depths of AOL somewhere. Anybody else know anything?
Asides from Multi master replication (OPenLDAP onyl allows a single master), Netscape directory server solves the 'OpenLDAP being fucking retarded, and holding ACLs to objects in the directory OUTSIDE the directory, therefore replicating objects before their access controls' issue.
The problem with LDAP is that adding the 'L' (lightweight) to the 'DAP' (directory access protocol) removed many features including, most noticably, proper distribution of data over multiple servers and proper chaining of requests.
Proper distribution and request chaining protools would allow Linux systems and MS systems to share a perceived common user data store. At the moment, hybrid enterprises are forced to support multiple islands of trust in the organization. It also sets the operational limits of the system to an enterprise/employee rather than a global/customer scale solution.
Still, it's a good thing that Red Hat is implementing a directory based identity management solution. It's a step in the right direction.
I feel happy about this.
I feel that this may be karmic retribution for Sun railroading us into having to use ^$@#%$&ing pkgadd, instead of those lovely tarball installs of yore, where it all installed into a single directory that I could tar up, or simply blow away if it screwed up... ah, the days of control...
But then, in the short term, the only way that I can see Netscape Directory Server making it into the enterprises that I deal with daily are if it comes bundled or as a dependency for some very well-trusted and established open source app, like maybe a CMS or something such as Bugzilla, or SVN. As an "Enterprise Directory" (ooh aah) it will be a long time before this version could compete, if ever -- everybody wants a stack, these days.
Still, it could be interesting leverage for the big Sun clients who are actually paying for the SJS Directory Server. I think this is the final stage of the commoditization of the animal that is a directory server... damn, I owe a certain Burton Group analyst a beer now...
(-:
Pixie
don't mess with those geekgrrls
Open LDAP was hard for me to set up, I finally joined forces with an old sysdamin. Even with her old ways she finally managed to convert NIS over to LDAP and promote it to Linux, Windows, Mac OSX and SGI. I about the time she got the SGI's working said, " So long Alice.." and ran west ward on the continental us. LDAP was a nightmare it, it was really nightmarish for the ADD young sys admins. I know at a company that I was looking into was using a verison of LDAP for the whole company's email, security to log into computers, smb mounted drives. LDAP is good if you know how to set it up but it must have an age filter. But I never have used Netscape Directory but I have heard about it from my NYC buds who say it kicks ass and you get big booty with it. :)
eeee
Answer my question, Mr. "Santa":
Have you stopped FUCKING your children IN THE EAR?
Redhat just lets it
Well, back off RedHat's knob a bit and it won't engulf your vision.
Even Tommy Lee is an ant when viewed from space.
I know how hard is to configure openldap I'm just excited after reading nice comments from people who had use ND. Redhat really got a better heart then M$ and other "greedy" parties over there. I just want to know does GPLed ND will cost M$ (AD) and other concern parties in short and long term. Do you people thinks migration from AD base setups to ND (when it beacome avaiable under GPL) would be beneficial? Regards
http://askaralikhan.blogspot.com/
Someone DID slurp up Netscape Calendaring Server in a manner of speaking: It was just a rebrand of what was then call CSTime, which after a few name/owner iterations is now owned by Oracle and part of ther collaboraton suite. I agree, it DOES really rock.
Kind of. From what I heard, the codebase is a little different..
:)
:)
Steltor (CorporateTime) became Oracle Calendar. That's also a cool product.
Also in the calendaring realm is MeetingMaker.
Emphasis on little - the clients appear to work fine with each other, so I'd say the difference is primarily in the branding. The old NS (4.x) browser integrated client is the only significat part I can not find these days (hardly surprising).
In the development and staging environments it was great. As other posters mentioned you could get from zero to something usable in less than 30 minutes. Everything was as you would expect.
However... in the -production- environment, with 10's of millions of ldap objects connected to SprintPCS's provisioning systems which were making 1,000+ ldap writes --a minute-- the SunOne system absolutely blew chunks.
LDAP architects will ask what the hell we were doing with the entire database in one ldap instance rather than partition the dataset, and they'd be right, but we were acting under Sun's direction since at the time we had one of (if not) the largest LDAPs in the world.
LDAP architects would also wonder why on earth you would ask an ldap server to live under such a write intensive churn, and they'd be right again.
That being said...
-- Multimaster replication would never ever work. Most of the time the entire SprintPCS userbase was hanging off one master and less than 4 replication slaves. For several months the entire messaging system was wedged into a single point of failure nightmare. (to be fair, this wasn't all slapd's fault and had 1/2 of the root cause in Sprint Datacenter practices which produced predictable results)
-- Other posters asked for SunOne Calendar server to be opensourced. My first response is to suggest you have your head examined since that thing would die for absolutely no reason on a regular basis. We actually automated the process of detecting its death and restoring from last night's backup. If you were a SprintPCS customer and your calendar ever seemed screwy now you know why. Of course further reflection suggested opensourcing it is probably the only thing that could help at this point because...
-- We used to get hotfix builds from Sun which were missing entire sections of the binaries. Whoever was managing the code would forget to use the same compilation flags for hotfixes as original code so we would receive webmail frontend builds which couldn't talk to imap backends, or calendar backends which wouldn't accept connections from calendar front ends.
-- SOL if you wanted to run more than 4G of memory in slapd.
Dont consider this post a rant, just let any CIO's/etc. reading this know that this opensource release will probably work great for you if you dont load it heavily (unlike exchange 5x, which would grenade just sitting there)
On the other hand, if you want to push the performance envelope, pretty much expect it to take alot of time and cause a bunch of headaches -in production-. Get help from people who have pushed the performance of the tools you are considering running.
Weird mood tonight.
Why is this even newsworthy?
i rectory-server/
IBM has licensed its enterprise-class LDAP directory server software free of charge for over 5 years now.
Yep, free. Go to ibm.com and download it for yourself. Anyone. For any purpose.
http://www-306.ibm.com/software/tivoli/products/d
It's currently under the Tivoli brand, going as the IBM Tivoli Directory Server v6.0.
Not only does it pack all the bells and whistles of other enterprise LDAP directories, such as multimaster and cascaded replication models, but instead of flat files it *includes* IBM DB2 UDB enterprise edition database (also licensed free of charge) for its data storage. I've seen the comparative test results, and nothing touches this solution for performance and scalability.
It runs on just about anything, too...including Linux on non-x86 hardware.
And they've always GIVEN it away. Free download.
So, someone explain again WHY any company of any size would PAY for an LDAP solution, or why RedHat giving away Netscape Directory is big news?
- stability
- scalability
- security
- single box performance
I'd really want to wait until someone says OpenLDAP 2.1 is secure and stable before I push it onto a box.Quidquid latine dictum sit, altum videtur
This isn't 100% correct. SUN ONE is a merge of the Netscape Code base with the Innosoft Code base they aquired in around 2001. Both Netscape and Innosoft developed their own directory servers based around the Open LDAP reference installation. What made Innosoft more advanced was its capability for several masters (it's not true multi - master in the sense of eDirectory from Novell or Active directory but that is no bad thing).
SUN aquired the Netscape Code in partnership with AOL and also bought Innosoft. SUNs Directory 4.x servers are the Netscape code, 5.x are Innosoft.
Having said that I have happily tested both servers with 4 million entries on a fairly small box and run 500K entries in production. We managed uptimes of in excess of a year on some of our 4.x servers running over a million queries a day, not so bad.
Can you point me to the download link? All I could find was "Buy Now" which lead me to a price list saying US$10,000.
For every expert, there is an equal and opposite expert. - Arthur C. Clarke
At the bottom of the page is the download link. It does appear to go to a "free" evaluation/beta copy.
I didn't download it though, so I don't know what the exact terms of use are.
The fact that there is a "Buy Now" would suggest that the eval copy is for testing but not production. Just a guess though.
Even if that is true, that's still different from releasing as Open Source.
The Tao of math: The numbers you can count are not the real numbers.
We used Netscape LDAP server on British Telecom's Talk21 (www.talk21.com) which I think had 2 million accounts and around 2,000 simultaneous sessions when I used to develop it.
Netscape LDAP was not fast enough in this environment and seemed overly complicated to use - it seemed to me that an RDBMS would make more sense for many application and it was just that BT was a big OSI player so it was being used for political reasons.
Cheep cheep cheep.
I here the sound of chickens hatching....
Doh!
(pun not intended.....)
I work for Lockheed Martin at a NY facility, and we use Netscape's LDAP for several very important things. They also have a policy against GPL software. I wonder what this means, now...
Because red hat is not just giving it for free - they've opensourced it. Under the GPL. This means it's really free, we can improve it, port to weird architectures, to freeBSD, etc. We can see the code, not just use it.
However, even though we won't be officially allowed to run ND on Linux, that doesn't mean we can't use it as a club to beat Sun to get the price of support for Sun Java System Directory Server reduced.
Aren't both red hat and netscape dead?
I bet ms has some great, if not even better, alternatives.
Hell yeah!
Hell no!
Yes, its *marketed* as multi-master, but when a change to a multi-valued attribute (MVA; for example, the membership list of a Group) on one DC can get over-written by a change to the same MVA on the same object made on another DC, that ain't multi-master. And the Redmond solution was for admins to use a "focus DC" - essentially, a master-slave arrangement - for all administrative changes.
Ad is nothing but NT4 Domains - they added an extensible schema, transitive trust and a 3-D viewer. But its still a flat namespace, still a 2D data structure, has no partitioning ability, no meaningful time synchronization, is chained by the neck to DNS, uses Experimental RFCs, and you can't leverage the Directory structure for much of anything (for example, Users and Groups are the *only* security principals). And naturally, AD is only available on Windoze.
eDirectory is at *least* 5 years ahead of AD in any technical aspect you might care to mention.
...take Netscape's LDAP in the whole iPlanet debacle?
I remember distinctly being told by iPlanet (now SunOne) support that iPlanet Messaging Server was a hybrid of Netscape's Directory Server, some components of it's MTA or IMAP/POP3 implementation and Sun's SIMS (sp?) messaging system. So who actually owns Netscape Directory Server at this point?
-"...bad old ideas look confusingly fresh when they are packaged as technology" - Jaron Lanier (Digital Maoism on Edge.o
This is obviously a direct attempt to head off competition from Novell. Novell stands to become a powerful player in the Linux services biz if it plays its cards right, but this new directory (if it's stable and easy to use) could make people take a second look at Red Hat's offerings. Because let's face it, NIS stinks and doesn't do the sorts of things large enterprises want. A good directory is Linux's weak spot right now. I'm eager to try RHDS - I actually decided months ago to put off my OpenLDAP work until I can test RHDS.
Get a good book.
Help us out here....
http://www-306.ibm.com/software/tivoli/resource-ce nter/security/code-directory-server.jsp
You have to register (free) in order to download the code. Though it's under the "trial & beta" heading, the directory server is licensed free. You can use it for any purpose for any length of time.
The caveat is that it's unsupported. If you want a support contract for your use of the LDAP server, that's where the $10k comes in. Or, if you have a current support license for any software that includes the LDAP server (AIX, Websphere, Tivoli security stuff), you're supported without any additional license fees.
IBM TIVOLI DIRECTORY SERVER MGD PR FOR LINUX ON Z LIC+SW MAINT 12 MO (D54J6LL) 10,000.00
Doesn't look free to me...
That part# is for a maintenance & support agreement (LIC+SW MAINT). You only pay $10k if you want support for the LDAP server AND you don't already have a support contract for an IBM software product that includes it.
But has it become open source ?
Click on the link to get the software and it comes up:
IBM TIVOLI DIRECTORY SERVER MGD PR FOR LINUX ON Z LIC+SW MAINT 12 MO (D54J6LL) 22,330.00 (tax ex) 24,563.00 (tax inc)
Doesn't sound free...
pithy comment
LDAP architects would also wonder why on earth you would ask an ldap server to live under such a write intensive churn, and they'd be right again.
...in NIS+.
It could have been worse. Circa 1999, I worked as postmaster for one of the three largest webmail providers in the world, and we kept our entire user directory, which was consulted every single time a piece of email was delivered...
Yes, really. No, no one was willing to take responsibility for the decision by the time I got there. Yes, it worked about as badly as you'd imagine.
Sun tech support makes all sorts of amusing strangled noises when you tell them that you've got 3 million user objects in Passwd.org_dir. Then they stop returning your phone calls.
We eventually replaced the whole nightmare with a monstrously huge Oracle database running on an E6000, but for a few terrifying months, I could claim to be administering the largest NIS+ instance in the world. But for some reason, I never put that one on my resume...
News for Nerds. Stuff that Matters? Like hell.
Other posters asked for SunOne Calendar server to be opensourced. My first response is to suggest you have your head examined since that thing would die for absolutely no reason on a regular basis.
FWIW, whatever bugs were in the NSCP/Sun Calendar server were fixed in the Steltor/Oracle branch of the product, so while it might take some time to turn a hypothetical GPLed branch of SCS into something useful, I'm confident that it could be done.
But mainly, I want to see it done just to fuck Larry Ellison right in the damned eye for buying Steltor (a company with a great product and excellent support) and burying it underneath the rotting carcass of Oracle Collaboration Suite.
(Huh, guess you're not the only person in a weird mood today.)
News for Nerds. Stuff that Matters? Like hell.