Hello Nicholas,
Thank you very much, the information you sent is very useful.
Although I need more on tools compatibility. You noted that
for Active Directory I should use only MS tools.
What about back compatibility i.e. using MS Tools with other
LDAP servers?
My project will probably need to contact 3rd party LDAP
servers as well as its own one, so I cannot fully control server
side and need more compatibility with various LDAP servers.
Also from my fellow in MS I heard that they've made their own
LDAP access library for internal use, based on pure LDAP
standard. They used it in many Exchange related projects.
So it must be possible to contact Exchange through pure
LDAP. What was the problem in your case? Why did you say
"Management with pure LDAP tools is not an option"? Is it
only a usability issue or is there more behind it?
Egor A. Shokurov
Development Lead
Netreflector.com Inc.
email: yeghors@netreflector.com
Phone: int+7-095-530-16-09
> -----Original Message-----
> From: Nicholas Oddson [mailto:noddson@b2bscene.com]
> Sent: Friday, January 26, 2001 10:43 PM
> To: Egor Shokurov; openldap-software@OpenLDAP.org
> Subject: RE: ADSI distributed queries CONVERT failures w/ OpenLDAP
>
>
> Hello Egor,
>
> Hmmm..... I guess the comment I'll make is the application dictates the
> requirements, so I'm not sure which would be best, but I can provide you
> with some DS insight perhaps.
>
> ActiveDirectory / MS Exchange
> - Robust LDAP with clustering and replication = scalable
> - Tight integration with other utilities (web server, DB server, etc.)
> - Within the directory there is a TON of data that isn't really LDAP but NT
> domain related (i.e. it is very cluttered)
> - Management with pure LDAP tools is not an option (needs to use the
> supporting AD tools)
> - Heavily tied in with the NT Domain structure and user accounts on the
> system (may not want to give permissionable access to machines when an
> address book was all that was needed)
> - Extendable scheme but difficult to modify and manage
>
> OpenLDAP
> - Not as full featured (yet) as other LDAP servers
> - Supporting tools need work
> - Not tightly integrated with anything, requires loadable modules for
> things like specific authentication methods
> - Pure LDAP implementation
> - Easily extensible schema and configuration
> - Unknown scalability
>
> Netscape
> - Very similar to OpenLDAP with more friendly UI tools
> - Somewhat integrated with web servers for authentication, mail servers,
> cert servers, etc...
> - Pure LDAP implementation
> - Even easier extensible schema and configuration
> - Fairly scalable
>
> As for clients, I'll offer what I can:
>
> OpenLDAP API - never used
> MS ADSI - very good COM object API that interfaces to pretty much
> everything (not great for Java clients)
> MS Winldap - haven't used very much, use superseded by ADSI
> Netscape C API - the definitive LDAP API, good, lean and mean - lacks nice
> (i.e. OO) interfaces
> MS ADSI through OLEDB - Read only and seems to have issues with typecasting
> on non-ActiveDir systems (my current problem)
> JNDI - another excellent generalized API, fantastic for java (not much else
> however)
>
> So there you go, just my thoughts. I've only been working in directory
> data for 3 years though, so other people likely know more and have better
> experiences.
>
> - Nick
>