
RE: ADSI distributed queries CONVERT failures w/ OpenLDAP



Hello Egor,

Hmmm..... I guess the comment I'll make is the application dictates the requirements, so I'm not sure which would be best, but I can provide you with some DS insight perhaps.

ActiveDirectory / MS Exchange
- Robust LDAP with clustering and replication = scalable
- Tight integration with other utilities (web server, DB server, etc.)
- Within the directory there is a TON of data that isn't really LDAP but NT domain related (i.e. it is very cluttered)
- Management with pure LDAP tools is not an option (needs to use the supporting AD tools)
- Heavily tied in with the NT Domain structure and user accounts on the system (may not want to give permissionable access to machines when an address book was all that was needed)
- Extendable schema but difficult to modify and manage


OpenLDAP
- Not as full featured (yet) as other LDAP servers
- Supporting tools need work
- Not tightly integrated with anything, requires loadable modules for things like specific authentication methods
- Pure LDAP implementation
- Easily extensible schema and configuration
- Unknown scalability


Netscape
- Very similar to OpenLDAP with more friendly UI tools
- Somewhat integrated with web servers for authentication, mail servers, cert servers, etc...
- Pure LDAP implementation
- Even easier extensible schema and configuration
- Fairly scalable


As for clients, I'll offer what I can:

OpenLDAP API - never used
MS ADSI - very good COM object API that interfaces to pretty much everything (not great for Java clients)
MS Winldap - haven't used very much, use superseded by ADSI
Netscape C API - the definitive LDAP API, good, lean and mean - lacks nice (i.e. OO) interfaces
MS ADSI through OLEDB - Read only and seems to have issues with typecasting on non-ActiveDir systems (my current problem)
JNDI - another excellent generalized API, fantastic for Java (not much else however)


So there you go, just my thoughts. I've only been working in directory data for 3 years though, so other people likely know more and have better experiences.

- Nick