Slashdot Mirror
Red Hat releases Netscape Directory Server to OSS
parry writes "Red Hat has released the Netscape Directory server acquired from Netscape Security Solutions under a "GPL + Exception" license. The Fedora Directory Server is made up of a number of different pieces of software, each with their own licensing. "
Red Hat Opens Netscape Directory - This is a bad omen for the start of the work week.
So what exactly does this do? And what closed source products does this replace?
The article last week was a press release type article. Lots of fluff, no content. Now we're getting the content. So it's not really a dupe. More of a late update.
Give a man a fish and he'll eat for a day. Teach him to fish and he'll wipe out the species.
anyone care to examine the license - "GPL with Exception" - and give us an Evil / Not Evil summary?
pr0n - keeping monitor glass spotless since 1981.
Worth pointing out, the exception is an extra freedom not a less-freedom (which of course would make it not GPL).
I'm not too clear on GPL vs LGPL but the extra "you can link this from non GPL...." sounds like a cross between the two.
An easy to use Directory Service that:
* childsplay to install
* hides the LDAP schema from admins that don't need to know
* a GUI / web console to add, delete, alter LDAP attributes
* easy integration into the O/S with a few file changes: PAM modules
* is easier to get going than OpenLDAP
I hope that the new Fedora project will do something like this, I saw the admin toolkit but no source is available yet, only binary packages - since I run gentoo i'll wait... Might be interesting!
Finally ! this is the only Open Source Directory that can compare to the features that Active Directory has to offer, especially multi-master replication.
:)
Unfortunately, this will probably mean OpenLDAP will fade into insignificance, but I may be wrong !
This is the 'stronger rope' I needed to hang the guys planning on making Linux authentication depend on MS AD where I work
-- Ravi
Depends on your point of view. I've quoted the "exception" below. It allows developers to distribute versions that are linked to non-GPL code as long as those links use approved interfaces. Developers who modify the GPL code are not required to continue the exception in the code they release. I'd put it in the decidedly non-evil camp, but GPL hardliners may view it as evil.
In addition, as a special exception, Red Hat, Inc. gives You the additional right to link the code of this Program with code not covered under the GNU General Public License ("Non-GPL Code") and to distribute linked combinations including the two, subject to the limitations in this paragraph. Non-GPL Code permitted under this exception must only link to the code of this Program through those well defined interfaces identified in the file named EXCEPTION found in the source code files (the "Approved Interfaces"). The files of Non-GPL Code may instantiate templates or use macros or inline functions from the Approved Interfaces without causing the resulting work to be covered by the GNU General Public License. Only Red Hat, Inc. may make changes or additions to the list of Approved Interfaces. You must obey the GNU General Public License in all respects for all of the Program code and other code used in conjunction with the Program except the Non-GPL Code covered by this exception. If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to provide this exception without modification, you must delete this exception statement from your version and license this file solely under the GPL without exception.
Billy G, is that you?
If you prefer to have an LDAP server under in the public domain then go and code one yourself. Did you pay ANYTHING to redhat to release their LDAP server? No? Then shut the fuck up and either use it or don't. But don't complain about things which others give away for free. As long as you neither contribute to the code nor pay anything to get it under another license NOBODY will care about your opinion of the GPL.
The evil, evil GPL.
Requiring someone who uses free software to grant others the same rights he's taking advantage of is so, well, evil and unreasonable.
That said, this is about the dumbest discussion to start whining and trolling about the oh so evil GPL, as Redhat is, as mentioned in the article, releasing this under the GPL+Exceptions and these exceptions specifically allow to link non-GPL software to the code.
For most Open Source developers the easiest thing to do is to just use the software under the GPL.
However, if you use the software as a library, and only make use of the specific APIs that Red Hat has listed, then it effectively becomes like the LGPL. You are not obliged to release your code under the GPL.
But unlike the LGPL, the set of allowed APIs is fixed, and defined by Red Hat. In a LGPL program you can open up new APIs and change existing APIs and as long as you release your changes to the library, you don't need to GPL your program. With the NS Directory Server, you can change the APIs all you want, but the new APIs you create can only be used under the GPL - i.e. you have to release your program under the GPL too.
Read more of this story at Slashdot.Read more of this story at Slashdot.Read more of this story at Slashdot.
I will let others decide on its evilness factor.
Basicly, it is like a dual license, GPL and "LGPLish". Anyone making modifications may do so under the GPL, or they may preserve the dual licensing. Same goes with every other piece of dual licensed software out there. You can make your own GPL-only fork of say Qt or MySQL - but don't expect Trolltech or MySQL AB to merge your changes.
Kjella
Live today, because you never know what tomorrow brings
Seems that it's stricter than the LGPL. The LGPL (as far as I remember) doesn't specify anything about approved interfaces, although it does require that it is possible to replace the library (dynamic linking or re-linking), but even this doesn't say anything about e.g. not touching deeply internal structures inside the library. As long as these internal structures are still accessable, it will still be possible to replace the library. This license does not allow that.
they are stuck and are forced to have their code infected by this heavily viral licence.
;)
Well, redhat is allowing you to use freely and for free a product that costs several millons of dollars. You should THANK them that they give you this possibility, if you don't like it don't use it or just shut up. If you are doing money from the product redhat opensourced but you don't want to give them back anything...well, I wouldn't really like to be your friend
Excuse ME, but that's one of the stupidest posts I've seen on /. for a long time. (And that's saying something!)
If you prefer not to 'jump on the band wagon', fine - stick with existing closed source solutions. Nobody is holding a gun to your head demanding that you use this software.
Either way, whining about the fact that you actually have to do some work if you want to have this functionality - rather than just stealing their code outright - is something you probably should have posted anonymously. Or better still, not posted.
Not a dupe, its actually released now.
It'll be great to see the benchmarks to settle this;
SunONE
IBM's ldap thingy
OpenLDAP
Novell's eDirectory
maybe even AD for kicks.
Also, just a note, redhat's docs are actually pretty good. Even the web pages ~2500 word Architecture docs probably outweight the usefulness of everything else available on the web. One of the most frequenty Directory Service gripes is how bad the docs are; finding out how to build a good DS system is pretty much a black art. Part fo the reason OpenLDAP is so unacceptable as a solution is because you're at the mercy of whatever tools you can find; docs are MIA. RedHat's already done a decent job of making them accessible, which is good because I might need them to make this thing compile on Debian.
Way to go red-hat. Everytime red hat shows up on campus I always spend five-ten minutes asking about the Netscape DS. Thanks for the release; here's to long life.
Myren
It's basically a half way point between the GPL and the LGPL.
For most Open Source developers the easiest thing to do is to just use the software under the GPL.
However, if you use the software as a library, and only make use of the specific APIs that Red Hat has listed, then it effectively becomes like the LGPL. You are not obliged to release your code under the GPL.
But unlike the LGPL, the set of allowed APIs is fixed, and defined by Red Hat. In a LGPL program you can open up new APIs and change existing APIs and as long as you release your changes to the library, you don't need to GPL your program. With the Fedora Directory Server, you can change the APIs all you want, but the new APIs you create can only be used under the GPL - i.e. you have to release your program under the GPL too.
It's covered at on the wiki.
As for evil/not evil, I'd say "not evil". It's seemingly designed to allow existing closed source software that used the NS directory to keep doing the same thing with FDS, but they've done a good job of preventing those users from getting a free run. They get to keep using the same APIs that they've always used, and now they have the freedom to fix bugs in the directory, but they don't get all the freedoms that GPL developers will get.
Read more of this story at Slashdot.Read more of this story at Slashdot.Read more of this story at Slashdot.
Why would I want to switch away from OpenLDAP 2.2 for this? This is not to say it mightn't have advantages over OpenLDAP 2.2, but I've
been very happy with OpenLDAP recently, since it got really fine-grained permissioning and syncrepl.
What software are you using right now. What license is it under?
In other news, most people hate taxes, don't want to get old, and hate the taste of liver and onions.
If you care, why don't you stop what you are doing and write some BSD replacement?
In the old hunter/gatherer days, I can just imagine you complaining about the type of meat someone else just caught, ending with the day where you ARE the dinner. Jesus H cripes I can't believe people complain about free lunch because it's not their favorite dish.
MOST PEOPLE prefer the GPL, buddy. Or at least, most of the coders do. That's obvious.
I suggest you doing a google on:
kerberos + microsoft + [weasles | bastards | hijack | whatever]
Sure, the BSD license is more free than the GPL and would be a terrific license if everyone played nice.
But they don't.
here we have it ladys and gentlemen. the typical slashdot attitude. let some random guys tell you what you should be thinking. idiot.
Well... at least the core is Open. Maybe they have to write replacements for encumberered components (perhaps the Sun iPlanet parts??).
Amen, brother. Amen.
The phrase "viral license" is dumb. Viruses are alive and they reproduce by destroying the host.
GPL is a license you can choose to put on your work.
Nobody is forcing you to use GPL code, nobody is forcing you to modify GPL code, nobody is forcing you to write GPL code. If you choose to modify *AND DISTRIBUTE* a GPL program then you should be happy to put your modifications out too.
If you're not happy with that, go with some code that's under a different license and modify/distribute that instead.
It's not rocket science. Now stop with the FUD.
Chris "Ng" Jones
cmsj@tenshu.net
www.tenshu.net
Manip is a known Microsoft fanboy. Check out his posting history at blogs.msdn.com: http://www.google.co.uk/search?q=manip+site%3Ablog s.msdn.com.
Have you READ THE FUCKING ARTICLE?_ GPL_Exception_License#Special_Exception
In case you haven't, I'll save you the pain of clicking on 3 links and point you directly at http://directory.fedora.redhat.com/wiki/Annotated
Read the exception in the license, it specifically states that you can link against non-gpl code! Red Hat added a non-evil clause to the GPL to make it less restrictive like you were just complaining about.
Regards,
Steve
If you look at their wiki, they have not released all the componets as Open Source yet. So, they had to have an exception or they themeselves would be linking non-free with free and in violation. With the exception, they can release at least part as GPL and get it out to the world. I'm betting the non-free parts are likely iPlanet componets that are still encumbered.
Because this introduces complexity (and possibly confusion), it sort of brings to question if the hollowed and sacred GPL was the most appropriate license in the first place or if they shouldn't have gone with either a Mozilla or MIT/BSD license. Redhat lives and breaths the GPL, but it is not the only free license around. Perhaps they should show some flexibility and consider others.
It's actually very clever wording by RedHat.
:-)
What they've done is to formalize a mechanism for exclusions similar to the one that we're used to in the Linux kernel, which also provides licensing exclusions to allow closed binary applications to run under it and closed binary drivers to run within it, despite the kernel itself being GPL'd.
Linux overcomes this issue because the GPL's explanatory notes describe a general exemption for closed applications that link to standard operating system programs and interfaces, without needing to reveal the application source code. It's rather imprecise though, hinging on the meaning of words like standard and distribution. Try defining standard for Gentoo, hehe.
RedHat have improved on that by formalizing the exemption mechanism, ie. explicitly stating where you can link to without strings attached and mandating that linking anywhere else will place you under GPL rules. Clarification benefits everyone, lawyers excepted of course.
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
"To get in touch with us, you can try to reach us on IRC at #fedora-ds on irc.freenode.net or on one of our mailing lists.
At least they're honest.
Intron: the portion of DNA which expresses nothing useful.
Red Hat holds the copyrights to this code. Whether the the GPL, this modified GPL with additional granted rights, or any other license is "appropriate" is solely their decision.
Is there a side by side comparison of Network Information Service (Sun Yellow Pages), Open LDAP and Netscape Directory anywhere?
I'd love to know what exactly the differences are and I suspect that most people have no idea and simply use whatever it is that they are familiar with...
Oh well, what the hell...
Granted, this doesn't fit everything, but when it comes to Solaris environments, I've found that Sun Java System Directory Server fits the bill quite nicely. Don't get me wrong. I have not tried this outside of a Solaris environment, so I don't know how easy it is to implement into other operating systems like Slashdot's oh-so-precious Linux, but JSDS is available for Linux as well.
;)
Your first requirement was not always the case. JSDS was a BITCH to install when I first started to work with it. It took me weeks to figure out, but after several test installs and documenting exactly what I did each time, I can now have a complete JSDS server for user authentication installed in about 15 minutes. (I plan on releasing my currently-64-page manual for installing and configuring it publically in the coming weeks.)
Don't know about your second requirement, as I haven't really tried it. There are only 4 admins for our entire company, so we all need equal access to the schema.
The rest are definitely there. JSDS contains a GUI client that the other admins and I use all of the time to look at data. It's not web based, but it provides access to almost every facet of the directory structure and configuration. Integration into other Solaris boxes is a breeze - run one command, fix the nsswitch.conf afterwards, and make some relatively simple pam.conf modifications. {Ding} Done.
As I said, and as I'm sure I will get flamed for, I have not tried it outside of a Solaris environment; however, I have found messages from others on the Net who currently use it with AIX and Linux as clients.
And don't complain about it not being open source. It comes with Solaris 10 and it's available as a free download. Although Sun claims that you need a license to use more than 100,000 entries, they don't do anything to enforce it.
The Overrated mod is for reversing inappropriate, positive mods, not for voicing disagreement with a post.
Except that Sun JSDS does not work on anything other than RedHat 7.2 or RHEL2 which is not what most people use today.
it's been trivial to install, it's not eaten any of my data, and I must say I'm very happy with multimaster replication as provided.
it also seems much faster than openldap.
Actually, the latest version also works on RHEL 3.
Not to mention other platforms like Solaris (SPARC and x86), HP-UX, AIX, and Windows. 64-bit versions are available for Solaris and HP-UX.
I have a small network of Linux and Mac machines and would really like to set up one address book that is accessible to all my machines and all my accounts under both Thunderbird and Mac Mail.
Would this be useful for this application or is it overkill? What are the other alternatives, I played with openldap using something called abook once and it was unusable.
The difference between Canada and the USA is that in Canada healthcare is a right and gun ownership is a privilege.
If you look at their wiki, they have not released all the componets as Open Source yet. So, they had to have an exception or they themeselves would be linking non-free with free and in violation.
No, because as the owners of the copyright, they don't need a license to distribute the software.
The reason is the basis of the GPL's legal force: copyright. By law, only the copyright holder has the right to make copies or create derived works, or give permission to others to make copies or create derived works. So in order for you to copy a Linux CD you have to have permission from the copyright holders. That permission comes to you in the form of the GPL. If Linus owned all of the Linux source, he could make copies without relying on the GPL. He doesn't, so he has to comply, otherwise he'd be infringing on the copyrights of other Linux kernel contributors.
Red Hat owns the copyright to all of this code, so they don't need anyone's permission and can do whatever they like. They've decided to grant everyone else permission to use their copyrighted works in ways defined by this GPL+extra license, but that decision in no way constrains what Red Hat can do.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
I think the GPL probably works best for a company like Red Hat. Other companies can out spend them on development staff so they need to make sure they get back any enhancements made by oracle, sun, hp or what have you. Otherwise the project would fork and their version would be left behind.
evil is as evil does
What happened to backwards compatibility in Linux? ;)
Seriously though, are you just looking at that from the software specifications or have you actually tried and failed to install it on a newer release? I'm not being sarcastic by that. There are a lot of things that were designed for Windows 95 that run fine in Windows XP. Similarly, there have been many times where I can run a Solaris 7 or even Solaris 6 binary in Solaris 9 without a problem. Since I don't work with Red Hat or Fedora Core, I cannot determine if what you say is true or not. But I must admit that I'd be disapponted if JSDS didn't run on newer versions of RH/FC.
The Overrated mod is for reversing inappropriate, positive mods, not for voicing disagreement with a post.
I actually tried to install and work around the failures on FC3, Gentoo and Debian. Did not work. I hadn't tried RHEL3 so I shouldn't have commented on that but I thought RHEL3 == FC3, but maybe not.
What's the deal? Isn't this pretty much the LGPL? Or are they really wanting to limit the number of places this thing can be linked to?
Ok, I read that *Red Hat* was going to release it. Then Red Hat spins off Fedora..
:(
Now this is showing up under the Fedora project pages?
So, are they releasing it as an actual product that can/will be supported by Red Hat's support & support contracts, or are they just saying "Ok, Fedora project, you can have this. Have fun!" and letting it go at that?
Personally, I think that it'd be a little underwhelming to just release it to the world and say "here.." This product is something that could be quite useful to many organizations, but without that level of support available, it'll be seen as "more open source stuff with no support" by the PHBs and bean counters.
(yeah, I know, the "if you had competant admins you wouldn't need support" line, but if that was the way management types thought, Windows Server 2003 wouldnt be selling as well as it is..)
Ofcourse, if Redhat owns the copyright, they can do as they please and distribute it. But now you download it and you want to redistribute it. If the necessary build would violate the GPL (as this may because the necessary non-free componets link to to GPL covered componets), then *you* would be in violation if you re-distriubted it. So, now you can see the conundrum. To over-come it, they come up with this expection to the GPL. It is their right to do so, but perhaps not an optimal solution.
you should just shut up and study for your mcse
Fair enough. Then again, considering that Java 1.4 breaks a lot of stuff meant for Java 1.2.1, I shouldn't be surprised that Sun makes software that's not backwards compatible.
The Overrated mod is for reversing inappropriate, positive mods, not for voicing disagreement with a post.
Well I have been using this particular DS for many years and have tried it on a myriad of operating systems even windows. The platfrom support from Sun for RHEL and Windows has always been a version behind the current one. Only starting this year did Sun support RHEL 3 which in my book is pathetic. Remember Sun aquired the DS from Netscape, (nsswitch.conf notice the ns prefix) and dont really know what to do with it. This is a good DS and I am very pleased with Red Hats purchase. Its the best of both worlds. If you run Solaris you have a DS, and now if you run Red Hat you have a DS. And I think Windows shops have a DS too :)
people on ludes should not drive
Agreed, assuming that you actually need one or more of the non-free components to build and distribute something useful. Also, even if you do need the non-free components, Red Hat would still not be violating the GPL, they would just be releasing software under the GPL that is not useful as-is. There's nothing wrong with that, actually, as the GPL contains no requirement that the software actually work.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Maybe "Einstein joins Red Hat Fedora Foundation"?
Or "George Washington funds development of Red Hat Directory Server"?
How about "Jesus blesses newly released Red Hat Directory Server"?
And some moron says, "Well, this story includes the LINK!"
DUH!
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
Even runs on linux...
Get your Unix fortune now!
Overkill. When I worked at Netscape, I ran a bunch of the server products on my home O2 -- this (the ldap server), mail, news, http ... I forget if I ran any others. They worked like a charm, but they used up a lot of resources waiting for the other 99,999 members of my household to show up.
But it was cool having Netscape Communicator profile roaming between home/work/laptop. I miss that with Mozilla.
nsswitch has nothing to do with netscape, it means "name service switch"
Oops bad example... on meds for walking pneumonia :) My point is Sun bought the DS, they certainly did not develop it. Anybody who uses the Sun DS knows most of the config files and operational attributes are prefixed with "ns" which stands for netscape.
people on ludes should not drive
It can be fetched from Sun for no cost for 4 years now ...
;-)))
For "RH 7.3" too
And you get all the Sun enhancements (secure replication, plugins. many more) too.
It can be fetched from Sun for no cost for 4 years now ...
...and no source
The point "for RH 7.3" might be more important for some people, I'm afraid.
Although Sun claims that you need a license to use more than 100,000 entries, they don't do anything to enforce it. ;)
Not until the SBA comes a knocking with audit papers in hand.
Any team can add features, so long as their changes remain Free. The GPL only says "if your screwed up mentality requires permission to use code, then if you want to modify this program, you need to let others modify it also"
Luke-Jr
If you look at their wiki, they have not released all the componets as Open Source yet. So, they had to have an exception or they themeselves would be linking non-free with free and in violation.
The owner of the code is not bound to the license terms others have to agree to to use the code! If I write something and GPL it, I, as owner, can sell a proprietary app using said GPLed code w/o violating the GPL license you have to obey.
My Suburban burns less gasoline than your Prius.
Yes, for Redhat themselves, they can do as they want as owners. But the whole point of OSS is to make it re-distributable. As I said in another post, now you download it and you want to redistribute it. If the necessary build would violate the GPL (as this would because critical non-free componets link to to GPL covered componets), then *you* would be in violation if you re-distriubted it. That is the problem. They want to have binary-only distribution of some componets that are linked to GPL components. So, in effect, they are putting other people in the position of violating the GPL (except for the exception they have provided). So the exception is necessary, otherwise Redhat would be causing other people to violate the GPL.