Slashdot Mirror

← Back to Stories (view on slashdot.org)

Searching for a Directory Service Solution?

Posted by Cliff on from the active-directory-or.... dept.

kumulan wonders: "I've got the responsibility to set up directory services as well as a messaging/groupware system for my organization of app. 100 employees spread out over three locations. We are a startup that is merging three existing smaller companies and, given the state of existing IS infrastructure at each of these locations, the decision has already been made that we are better off starting from scratch. It would be great to hear from Slashdot readers concerning which option is 'better' and why." "For me, the choices are stark and clear:
  1. MS Exchange/Active Directory
  2. A cobbled-together solution based as much as possible on OSS (as no direct equivalent exists).
For (2) we have evaluated, and are strongly considering, the following: Of course, Samba 4 will address some of this 'cobbling', but we can't wait for that."

15 of 367 comments (clear)

  1. Easy. by XorNand · · Score: 4, Insightful

    So, the question seems to be: OSS vs. Microsoft. Am I right? If so, the answer is easy: Which platform are the people who will be managaging the stuff have the most experience with? It may be sacrilege to say it here, but if you've a crew of MCSEs on staff who've never touched Linux, it's going to be more expensive and a bigger hastle go the OSS route.

    I forget who said it but "OSS is free like a puppy is free". You need to have the staff to tend to the care and feeding. In the Detroit area at least, Windows guys are a dime a dozen. Competent Windows guys, while a bit more rare, are still easier to find than experienced Linux admins. (Of course, I'm looking at your question from a business consulting standpoint. If you're looking more for a technical recommendation, there's a lot more people here better qualified than me.)

    --
    Entrepreneur : (noun), French for "unemployed"
    1. Re:Easy. by ndansmith · · Score: 4, Insightful
      You may be underestimating just how much is actually costs to get a Microsoft enterprise solution off the ground. You have to pay for the Server 2003 software, Exchange, XP Pro (volume), Office, Terminal Services licenses, and don't forget server CALs. Plus, you have to worry about Microsoft "obsoleting" your software via Vista, Longhorn Server, Blackcomb, and beyond; another round of licensing (and by extension of Vista's hardware requirements: another round of hardware updates / replacements).

      Sure, it may require a fine tooth comb and/or training to get some qualified Linux guys on board, but I doubt that compares with the expense of purchasing the Microsoft solution.

    2. Re:Easy. by zulux · · Score: 5, Insightful

      if you've a crew of MCSEs on staff who've never touched Linux, it's going to be more expensive and a bigger hastle go the OSS route.

      MS's newest/latest/greatest has a large learning curve as well. You old MCSE who knows Windows Domains will have just as much trouble learning Active Directory as he would have learning Samba 3.

      I've trained MCSEs in open source technology - about 50% do just fine. The otheres were paper MCSEs and sucked at Windows too.

      --

      Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.

    3. Re:Easy. by TedCheshireAcad · · Score: 3, Insightful

      Parent has a valid point, setting up and administering your OSS solution will take more work. However, you can tailor it better to your needs.

      I worked at Major Software Company in the Bay Area (tm), and their LDAP/Kerberos/Jabber/SMTP infrastructure worked very well, but of course, there were armies of admins to make things run smoothly. It was not without hiccups - but most if not all of the hiccups were minor (failed hard drives, etc.) and remedied within 20 minutes.

      My vote is for LDAP. You can do so much with it - authenticating users on your web apps is a cinch, directory lookups are easy, it integrates with every piece of mail client software, and it's free. Just my $.02.

    4. Re:Easy. by Tadrith · · Score: 4, Insightful

      This is definitely true. I've found it much easier, if instead of thinking of people as Windows techs, or Linux techs, you simply think of them as techs.

      A good tech should not be afraid of discovering and learning any system he or she might put their hands on, because part of being a good tech is learning how to keep your mind open and troubleshoot a problem. It doesn't matter if the problem is Windows, Linux, or a coffee maker -- you use the tools that you have to do the best job you can.

      I am a programmer for a living, but I also do double time as a technician. I am just as comfortable configuring Windows Server 2003 as I am with Novell Netware 6.5, or any flavor of Linux. I don't see it as my job, or my passion, to devote myself to one platform. My job is to help people with computers and give them advice on what solution works best for them. Of course, I have a primary area of expertise, but that doesn't stop me from learning on my own.

    5. Re:Easy. by Total_Wimp · · Score: 3, Insightful

      A good tech should not be afraid of discovering and learning any system he or she might put their hands on, because part of being a good tech is learning how to keep your mind open and troubleshoot a problem. It doesn't matter if the problem is Windows, Linux, or a coffee maker -- you use the tools that you have to do the best job you can.

      This is probably true for new guys learning an in-place system or a few new systems added to the familiar core network, but far less true for a bunch of newbies (to the system in question) trying to design something good from scratch.

      A good ADS guy will know how to design a good forest, he'll know how to acquire and install the necssary patches, he'll know how to set up a secure systems and he'll know the quality sources of help when he needs them. He'll know which built-in and third party utilities will save his bacon and he'll know what to check on if stuff stops working.

      The only thing that will teach an MS guy how to do all this with Open Source is experience. The only way he'll get that is with a bunch of time working with the products in question.

      In other words, it's dangerous as hell to trust your brand new network with a bunch of noobs. Even if they're very bright noobs who will catch on quickly, you take quite a risk while they're doing the catching on. Put a bunch of these guys under a couple of experienced people and they'll likely do ok with the new network, but if you don't have that experience on hand you're begging for trouble if you uproot a known system and throw a bunch of new stuff in to replace it.

      TW

  2. 3. Mac OS X Server by dgatwood · · Score: 4, Insightful
    Considered Open Directory?

    --

    Check out my sci-fi/humor trilogy at PatriotsBooks.

  3. STOP.... by ellem · · Score: 4, Insightful

    just save yourself the trouble

    W2K3.

    Just shut up, buy it and be done with it. It'll hook up with whatever you're running and it is fine as long as you take the same precautions any decent Sys Admin would.

    --
    This .sig is fake but accurate.
  4. Another Consideration by joelleo · · Score: 5, Insightful
    What exactly is the newly merged company doing? Is it supposed to be geeky-cool? Is it doing something totally unrelated to computers or technology? Is the IT infrastructure just a means to an end - users getting their work done?

    If the company is trying to do something geeky-cool, you may be best served by using a "cobbled-together" open source architecture. It'll show your boy's and girl's prowess on the console and could be used as a Hercules-on-a-pedestal showcase for your talents.

    On the other hand, in either of the other two cases, you're most likely going to be using MS on the desktop and your people aren't going to care that you've implemented OpenLDAP as long as their Word, Excel and Outlook work. In this situation, as has already been noted, you'd probably be best served by implementing Windows Server 2003 + Active Directory. An additional benefit is the expertise is relatively cheap and available, and may already be in-house with your amalgamated IT staff.

    Good luck!

    --
    "In the end, there is simply no weapon more devastating than the truth, delivered in just the right way." - tnk1
    1. Re:Another Consideration by benjamindees · · Score: 3, Insightful

      may already be in-house with your amalgamated IT staff.

      Or there very likely isn't an IT staff, almagamated or not. Three companies that join to form 100 employees, with poor infrastructure, typically means one company of 50 employees and a "Windows admin/something else" and two companies of 25 employees each that paid somebody to setup their networks five years ago and have since just watched it deteriorate.

      It sounds like the inquisitor is about to inhereit a huge mess without necessarily the skills or resources to deal with it. If that's the case, I'd suggest taking a long-term approach:

      1) Decide who will manage the network (this is a full time job),
          A) if it's you, then
                i) choose what you're most comfortable with, else
          B) if it's not you, then
                i) put an ad in the employment section, outlining your requirements in a non-specific way, contact outsourcing firms, and take applications.

      You may be suprised at what you get. Linux and Open Source can save a ton of money and hassle long term, especially when implemented from scratch, but you have to know what you're doing. If you don't know or aren't sure, get help. A company of 100 employees can easily justify having two admins, especially when combined with the savings Linux and OSS are capable of.

      --
      "I assumed blithely that there were no elves out there in the darkness"
  5. Re:3. Mac OS X Server by Penis_Envy · · Score: 3, Insightful

    The questioner did mention openldap. The advantage of going to the apple solution would be the integration that it would provide, rather than "cobbling" together the solution themselves (as they said themself.) It's not just the GUI. Then again, it would be one more thing to manage/maintain.

  6. Do you have Windows desktops ? by drsmithy · · Score: 4, Insightful
    If you do, AD is your only realistic choice. Group Policy alone justifies using it.

    Added to that, it's not especially difficult getting Unix machines to talk to AD for authentication and other information (it's just LDAP, after all).

    It's a hell of a lot easier to integrate and manage a handful of unix machines in a Windows environment than it is to integrate and manage a hundred Windows desktops in a unix environment. IME, that's typically the scenario (unix servers for mail, fileserving, DB, etc and Windows desktops).

  7. Active Directory and Exchange by mrscott · · Score: 4, Insightful

    Before I write, I should say that I'm in no way opposed to open source and use it where appropriate.

    If you want something very well supported, not horribly difficult to administer in a simple environment and tried and true, just go with Active Directory and Exchange, especially if your company's focus is on something other than providing unique technology solutions. (i.e. you sell baskets)

    While the open source solution might cost less up front, there is nothing in open sourece land at present that can touch the Exchange/Outlook combination. Sure, there are products such as OpenExchange, but, let's assume that you want the option to easily add other services later on, such as true handheld synchronization (i.e. www.good.com)

    I know it can be sacrilege on Slashdot to not promote an open source solution every time, but sometimes, the business side of the house is more important than a cool technology solution.

  8. Easy: Novell by ImaLamer · · Score: 5, Insightful

    Novell - well if you are a Novell shop, you will use NDS. You will use everything else Novell has. It is sort of like joining a secret cult.

    Not true, you can use Novell's NDS (eDirectory, the LDAP server software) right on top of Linux, Unix, or Windows. The admin tools are almost all Java based or otherwise accessible so you aren't locked in there (clients and management tools for Linux, Unix and Windows). Novell can manage the rights, er permissions, er privileges for clients of any flavor (because a directory services solution is about managing the resources on the network) - and has less bloat and more security than Active Directory.

    Novell is my choice hands down. It isn't the nightmare product it used to be. Quite flexable, scalable and for all intents and purposes "open". This product actually follows standards! In my experience it also prices cheaper for clients than Active Directory, although you never know because I'm sure it has changed.

    The person who asked this question initially said that the only other option to Active Directory was A cobbled-together solution based as much as possible on OSS (as no direct equivalent exists)

    This simply isn't true. There is eDirectory and it's better! (PDF) Wake up people! It's 2005 and there is a better option out there and to top it all off they are a Linux company too.

    --
    Get your Unix fortune now!
  9. Re:one caveat by JourneymanMereel · · Score: 3, Insightful
    So because of a price break on OS and MS Office management decided to move 52 million user objects and change the backbone of the distributed network? For a large corporation, what you save on the "price break" for those 50000 employers is negligent compared to what the total cost of the project, long term and short term.

    You obviously haven't worked with the management I have. Most decisions seem to be made based around golf buddy opinions rather than technical superiority.

    --
    Life has many choices. Eternity has two. What's yours?