Slashdot Mirror
Red Hat Opens Netscape Directory
suezz writes " Eweek is running a story that Redhat is releasing Netscape Directory (LDAP) under the GPL - this is huge at least from my point of view. I know of at least two huge companies that have standardized on Netscape Directory for their web applications."
I forgot to mention this in my first post...but if enough customers purchase this by April 30th, Red Hat will have to pay an additional $2.5 million.
Goodness, that is a lot of money.
Speed, and certain enterprise features like multi-master replication if I remember correctly. It's been a while since Netscape dropped off everyone's radar, and I know they continued work on it after iPlanet broke up.
You can compare them using SLAMD. www.slamd.com
Actually, I'm aware of an installation where a single (fairly robust) sun box is running at 200GB db size and 32 million LDAP entries on SunOne (descendant of the Netscape code). It sucks, but it works. Let's be honest - even the NS directory server is a nightmare to set up beyond the most rudimentary schema. Easier than OpenLDAP, true, but *easy*?
Thinking outside my Head
Netscape Directory is very very fast and very very easy to install and configure. After using OpenLDAP, I'm sure everyone can agree that it is not worth your sanity just to configure a program:) Netscape Directory makes this all easy, it integrates well and is highly efficient. As I said in another post, the Netscape engineers who coded this (very bright guys) claim that one mid to high end server running Netscape Directoy can handle 200,000 clients. This is a huge gain for linux in enterprise.
Regards,
Steve
Fwiw, I did install a Netscape Directory Server on a HP-UX 11 machine, not that long ago. It was reasonably straightforward, except in that I had to install a number of OS patches and muck around with kernel parameters.
(Btw, what is it with these big proprietary apps that always want to change your kernel parameters? What on earth does Oracle need 2GB of shared memory for? And 64K file descriptors per process? That's beyond ridiculous. That sounds dangerously like extremely sloppy programming inside the product.)
But I digress. My point is that installing and configuring NDS is not hard, but nothing like "soo but soo easy" either (e.g., a far, far cry from "apt-get install slapd").
Enabling SSL is a PITA if you don't have the Netscape Certificate Server (which I didn't). I involves all manner of funky maneuvering with OpenSSL and some tools that you have to fetch from some obscure page at mozilla.org.
Management is more or less the same than with OpenLDAP, which is to say that it mostly depends on how good or bad are your LDAP client tools. In fairness, I hear the Netscape client is nice. I couldn't use it because the damn thing runs on Windows and I was not about to install that in my laptop just to see a stupid LDAP client.
Replication is probably better than OpenLDAP, though I haven't yet a chance to try it on either one.
As for big environments with many users and clients, until today I would have gone with OpenLDAP (or, if a PHB just had to see a lot of money spent in this, with Novell or Microsoft's directories). That's because nobody had source code to NDS and it was all but discontinued from the vendor. You don't want to find yourself in a position where you know there's a bug in the software, but you can't fix it and your vendor won't because they discontinued the product (and are pretty much out of business themselves, anyway).
Anyway. This is good news, certainly. Though I mostly hope there are parts and components that can be salvaged into slapd.
Well, throwing some features off the top of my head:
* multi-master replication (up to 4 servers)
* very, VERY extensive plugin interface
* useful access logging and log file analysers
* SNMP reporting
* configuration under cn=config branch (updatable over LDAP)
* you can take backups by sending commands over LDAP
And it's fast as hell, compared to OpenLDAP.
Why is this even newsworthy?
i rectory-server/
IBM has licensed its enterprise-class LDAP directory server software free of charge for over 5 years now.
Yep, free. Go to ibm.com and download it for yourself. Anyone. For any purpose.
http://www-306.ibm.com/software/tivoli/products/d
It's currently under the Tivoli brand, going as the IBM Tivoli Directory Server v6.0.
Not only does it pack all the bells and whistles of other enterprise LDAP directories, such as multimaster and cascaded replication models, but instead of flat files it *includes* IBM DB2 UDB enterprise edition database (also licensed free of charge) for its data storage. I've seen the comparative test results, and nothing touches this solution for performance and scalability.
It runs on just about anything, too...including Linux on non-x86 hardware.
And they've always GIVEN it away. Free download.
So, someone explain again WHY any company of any size would PAY for an LDAP solution, or why RedHat giving away Netscape Directory is big news?
This isn't 100% correct. SUN ONE is a merge of the Netscape Code base with the Innosoft Code base they aquired in around 2001. Both Netscape and Innosoft developed their own directory servers based around the Open LDAP reference installation. What made Innosoft more advanced was its capability for several masters (it's not true multi - master in the sense of eDirectory from Novell or Active directory but that is no bad thing).
SUN aquired the Netscape Code in partnership with AOL and also bought Innosoft. SUNs Directory 4.x servers are the Netscape code, 5.x are Innosoft.
Having said that I have happily tested both servers with 4 million entries on a fairly small box and run 500K entries in production. We managed uptimes of in excess of a year on some of our 4.x servers running over a million queries a day, not so bad.