I work with weefle, but more directly on our NDS. I'm not a real NDS Administrator, but I play one on TV.;)
I would like to think my interest in products such as this have very little to do with how well they perform on a day-to-day basis. I've often mentioned how boring directory services are (we've beta tested several versions--we install it, create a user, sit back and admire his red shirt). What interests me is what happens when they break.
I'd be willing to bet that Miami University must rank fairly highly on the list of dial-in sites for repair by Novell Technicians because of our use of, ahem, early release software in sometimes nonrecommend manners. For instance, we installed NetWare 5.0 (NDS 7) into our tree without performing a step listed in the readme. We promptly began turning Organizational Units into unknown objects until we disabled DS on the initial box. Oops. Took Novell dial-in technicians (hi, Byron!) about 4 days to fix our problems. Effect? Four divisions which had configured printing in bindery emulation could not print. No other effect--users did not notice. Administrators scrambled and converted printing to NDS mode, but users logged in and did not suffer in performance.
Several years ago, the only replica of [Root] was deleted and Novell dialin had to convert an ancilliary partition to include [Root]. We've caused severe problems in tree communication through incompatible releases and have corrupted our schema more times than I want to think.
In fact, the other day, I accidently chose to merge a partition back into [Root] instead of simply checking synchronization. I aborted about 5 minutes after it started. This happened right in the middle of the afternoon. The abort worked smoothly and within 10 minutes, everything was back the way it had been. No user or service was affected.
Sounds bad, no? It has been and continues to be in many ways, but I look at any large, distributed product administered by 12 individuals who can modify DS versions and probably 60 individuals with "write" access to portions of the directory as having potentially vast and horrible problems. Novell could have done more in the past to prevent us from damaging ourselves. My point is that we are still running our original, begun with NW 4.01, tree without scrapping and staring over (though we've redesigned several times) upgraded to NetWare 5.1 with the newest DS, and we have not experienced severe downtime. Sure, on occaision logins took 10+ minutes for the application launcher to complete because of a misconfiguration, but it was up. Current versions of DS allow us to perform repairs during the daytime without taking down service for most repairs.
This is why I like Novell Directory Services. It works well when it works. It works okay when it's broken. I like this second point. Active Directory requires the server to be rebooted to perform a directory repair (it's a special boot option). I'm not very familiar with other directory technologies, but I believe there are similar limitations.
Novell is also beginning to get the meta-directory picture. They are currently shipping tools that allow ldif import and export (haven't tested the export utility yet--just found out about it) as well as forthcoming synchronization support for Notes, Netscape and Active Directory (the beta for this product, DirXML is available from Novell's public beta site, but I haven't been able to get it working).
A significant problem of Novell is client-platform support. For instance, you can put an NDS replica on AIX, but you cannot access it from AIX. You can put a replica on OS/390, but you cannot access it from there. You can put a replica on Linux and Solaris and have PAMs authenticate from the NDS, but applications cannot use it. (Actually, they will be shipping a product soon, derived from work at a university, that does export NDS APIs and allow logins from the above platforms and many others.) NetWare access from Macs seems a much greater priority than NDS access (they are quite different) from Macs. In fact, sp1 ships with something called NDSDAV--similar to WebDAV to access and modify NDS properties and permissions through the Web. I began to think I had a solution for my Mac/Linux/Refridgerator users. Unfortunately, it prompty required an ActiveX control and would not work on any platform but my Windows box running IE. Hopefully they'll get in gear.
To underscore their desire to go the path of LDAP, however, their APIs for their "supported" platforms (Win32 and NetWare) are going out of their way to support LDAP-style access and current rumor is that when LDAP supports everything that NDAP does (printing and other fun things), Novell will dwindle their reliance on NDAP for native communication. One story I heard from an NDS engineer is that LDAP access in NDS 8 is actually faster than NDAP access, but I haven't tested it.
In general, directory services seem a way to relate many servers and services together. Problems arise when you have technologies that can vary by 4-5 years communicating with each other (our tree includes a 4.10 server) on sometimes questionable hardware (that server is a 486 PS/2).
Also, I wanted to pose the question whether Open Source directories can really crack the enterprise. I believe a lot can be done in open source, but directories, to me, are the large, disparate databases that only break when they get large. It seems that a company would be reluctant to bet big on an untested technology and performance on a smale scale does not necessarily mean any sort of performance on a large scale. When I see companies take a chance on a new product like this, it's after the vendor has flown out and promised much assistance and support (when we were an Alive w/ 5.1 site, we had 3 people fly out, one with connections to all sorts of engineers back in Utah-home, and a special contact if we had problems after they left). I don't see how open source products can create that feeling of confidence.
Yup, blame the Christians. Everything is their fault. Just yesterday I saw a Christian backing up the pill that increases a woman's bust.
Perhaps *you* are the one preaching bad science, eh? After all, you're categorizing a (n extremely large) group of people without proper understanding.
For the sake of rational discussion, let's narrow the group you criticize to fundamentalist "young earthers." What is the statement of these fools? That nothing is proven in science and that teaching natural selection as fact undermines good science as well as promotes a world view.
The simple fact is that science cannot prove anything -- it can only disprove. And, if you're honest to yourself, you'll realize that believing in something to be true that cannot be proven (and cannot be observed) is faith. Yep, faith. You know, the stuff you criticize those Christians for practicing. Now, if you would like to have a rational comparison of your faith to the young earthers, please proceed. I just wanted to make sure you saw things in the correct context.
Slashdot Mirror
I really want to know if those of us with a last name of Cooper can get a domain in .coop. I think it'd be great to be micah.coop!
I would like to think my interest in products such as this have very little to do with how well they perform on a day-to-day basis. I've often mentioned how boring directory services are (we've beta tested several versions--we install it, create a user, sit back and admire his red shirt). What interests me is what happens when they break.
I'd be willing to bet that Miami University must rank fairly highly on the list of dial-in sites for repair by Novell Technicians because of our use of, ahem, early release software in sometimes nonrecommend manners. For instance, we installed NetWare 5.0 (NDS 7) into our tree without performing a step listed in the readme. We promptly began turning Organizational Units into unknown objects until we disabled DS on the initial box. Oops. Took Novell dial-in technicians (hi, Byron!) about 4 days to fix our problems. Effect? Four divisions which had configured printing in bindery emulation could not print. No other effect--users did not notice. Administrators scrambled and converted printing to NDS mode, but users logged in and did not suffer in performance.
Several years ago, the only replica of [Root] was deleted and Novell dialin had to convert an ancilliary partition to include [Root]. We've caused severe problems in tree communication through incompatible releases and have corrupted our schema more times than I want to think.
In fact, the other day, I accidently chose to merge a partition back into [Root] instead of simply checking synchronization. I aborted about 5 minutes after it started. This happened right in the middle of the afternoon. The abort worked smoothly and within 10 minutes, everything was back the way it had been. No user or service was affected.
Sounds bad, no? It has been and continues to be in many ways, but I look at any large, distributed product administered by 12 individuals who can modify DS versions and probably 60 individuals with "write" access to portions of the directory as having potentially vast and horrible problems. Novell could have done more in the past to prevent us from damaging ourselves. My point is that we are still running our original, begun with NW 4.01, tree without scrapping and staring over (though we've redesigned several times) upgraded to NetWare 5.1 with the newest DS, and we have not experienced severe downtime. Sure, on occaision logins took 10+ minutes for the application launcher to complete because of a misconfiguration, but it was up. Current versions of DS allow us to perform repairs during the daytime without taking down service for most repairs.
This is why I like Novell Directory Services. It works well when it works. It works okay when it's broken. I like this second point. Active Directory requires the server to be rebooted to perform a directory repair (it's a special boot option). I'm not very familiar with other directory technologies, but I believe there are similar limitations.
Novell is also beginning to get the meta-directory picture. They are currently shipping tools that allow ldif import and export (haven't tested the export utility yet--just found out about it) as well as forthcoming synchronization support for Notes, Netscape and Active Directory (the beta for this product, DirXML is available from Novell's public beta site, but I haven't been able to get it working).
A significant problem of Novell is client-platform support. For instance, you can put an NDS replica on AIX, but you cannot access it from AIX. You can put a replica on OS/390, but you cannot access it from there. You can put a replica on Linux and Solaris and have PAMs authenticate from the NDS, but applications cannot use it. (Actually, they will be shipping a product soon, derived from work at a university, that does export NDS APIs and allow logins from the above platforms and many others.) NetWare access from Macs seems a much greater priority than NDS access (they are quite different) from Macs. In fact, sp1 ships with something called NDSDAV--similar to WebDAV to access and modify NDS properties and permissions through the Web. I began to think I had a solution for my Mac/Linux/Refridgerator users. Unfortunately, it prompty required an ActiveX control and would not work on any platform but my Windows box running IE. Hopefully they'll get in gear.
To underscore their desire to go the path of LDAP, however, their APIs for their "supported" platforms (Win32 and NetWare) are going out of their way to support LDAP-style access and current rumor is that when LDAP supports everything that NDAP does (printing and other fun things), Novell will dwindle their reliance on NDAP for native communication. One story I heard from an NDS engineer is that LDAP access in NDS 8 is actually faster than NDAP access, but I haven't tested it.
In general, directory services seem a way to relate many servers and services together. Problems arise when you have technologies that can vary by 4-5 years communicating with each other (our tree includes a 4.10 server) on sometimes questionable hardware (that server is a 486 PS/2).
Also, I wanted to pose the question whether Open Source directories can really crack the enterprise. I believe a lot can be done in open source, but directories, to me, are the large, disparate databases that only break when they get large. It seems that a company would be reluctant to bet big on an untested technology and performance on a smale scale does not necessarily mean any sort of performance on a large scale. When I see companies take a chance on a new product like this, it's after the vendor has flown out and promised much assistance and support (when we were an Alive w/ 5.1 site, we had 3 people fly out, one with connections to all sorts of engineers back in Utah-home, and a special contact if we had problems after they left). I don't see how open source products can create that feeling of confidence.
Perhaps *you* are the one preaching bad science, eh? After all, you're categorizing a (n extremely large) group of people without proper understanding.
For the sake of rational discussion, let's narrow the group you criticize to fundamentalist "young earthers." What is the statement of these fools? That nothing is proven in science and that teaching natural selection as fact undermines good science as well as promotes a world view.
The simple fact is that science cannot prove anything -- it can only disprove. And, if you're honest to yourself, you'll realize that believing in something to be true that cannot be proven (and cannot be observed) is faith. Yep, faith. You know, the stuff you criticize those Christians for practicing. Now, if you would like to have a rational comparison of your faith to the young earthers, please proceed. I just wanted to make sure you saw things in the correct context.