J: So, what does your product do?
I: Our product does "x".
J: It's integrated with Active Directory?
I: Of course, we use LDAP!
J: OK, let's get clear about it. You use LDAP, right? Do you use ADSI?
I: No, just LDAP.
J: So, you're integrated with LDAP directories. You're not integrated with Active Directory.
I: Well, Active Directory supports LDAP.
J: Correct, it does. But I'm really interested in advanced integration with Active Directory like "serverless bind", Group Policy integration, the ability to modify permissions on resources...
I: Ah, well, you see, but, we...sometimes, ah, our customers, bzzzt, click, blue screen
These memories came back after I read a post over at JoeWare on this topic...
I am about sick to death of running into LDAP apps that need hardcoded host names. What the hell is wrong with you people? There is a perfectly good RFC out there for locating LDAP Services (as well as other services) that works quite well and you still refuse to use it. FYI, if you don’t know about it, it is RFC 2782 - A DNS RR for specifying the location of services (DNSSRV) - http://www.ietf.org/rfc/rfc2782.txt
All you are doing is making your apps susceptible to single server failure and requiring businesses to try to solve issues with failover for you. You look like a bunch of schmucks, stop that shit. I know it can be done, I saw people doing it on UNIX more than five years ago.
Right on, Joe!
Just by using a bit of ADSI an ISV could tout another great benefit to their customers and make it look like they did all the work themselves: "Mr. Customer, our widget provides automatic failover in an Active Directory environment without any additional hardware or software!!"
Wake up and smell the coffee ISVs! Active Directory is deployed in 85% of the enterprises in the US. Pay it some respect for crying out loud.
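The RFC 2782 lookup Joe's post calls for, as an added example (not code from this post or from JoeWare): ordering the `_ldap._tcp` SRV records by priority and weight, then failing over to the next server. The record set, the `example.test` hosts and the `is_up` probe are constructed assumptions, and no DNS query is made.

```python
import random
from collections import namedtuple

# One SRV resource record (RFC 2782): priority, weight, port, target host.
Srv = namedtuple("Srv", "priority weight port target")

# Constructed sample answer for _ldap._tcp.example.test (hypothetical hosts).
SAMPLE = [
    Srv(0, 100, 389, "dc1.example.test."),
    Srv(0, 100, 389, "dc2.example.test."),
    Srv(10, 0, 389, "dc-dr.example.test."),
]

def order_srv(records, rng=random):
    """Return records in the order a client should try them (RFC 2782)."""
    # A lone record with target "." means the service is not offered here.
    if len(records) == 1 and records[0].target == ".":
        return []
    ordered = []
    for prio in sorted({r.priority for r in records}):
        # Lowest priority value first; weight-0 records lead the working list.
        pool = sorted((r for r in records if r.priority == prio),
                      key=lambda r: r.weight != 0)
        while pool:
            # Weighted random pick: first record whose running sum >= pick.
            pick = rng.randint(0, sum(r.weight for r in pool))
            running = 0
            for i, r in enumerate(pool):
                running += r.weight
                if running >= pick:
                    ordered.append(pool.pop(i))
                    break
    return ordered

def locate_ldap(records, is_up, rng=random):
    """Return (host, port) of the first server that answers, else None.

    is_up is a caller-supplied probe, e.g. a TCP connect with a timeout.
    """
    for r in order_srv(records, rng):
        host = r.target.rstrip(".")
        if is_up(host, r.port):
            return host, r.port
    return None
```

Plain DNS answers are unauthenticated, so the bind to the chosen host should still verify the server (LDAPS certificate validation or Kerberos mutual authentication).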