Friday, December 07, 2007

It's the Directory, Stupid

I've caught up on e-mail - now I'm catching up on my Google Reader and the 677 unread blog items in it. One of the first items I saw caught my eye immediately - "It's the Directory, Stupid", an e-Week article which I saw over at my friend Don Bowen's blog: Wizard of IdM.

Here's the gist of Jason Brooks' article:

Until Red Hat, Novell, or another party focuses around open-source directory services, Linux will be stuck playing catch-up with Windows 2000.

Well, how can I disagree with that? Especially since I was part of the Windows 2000 - and most specifically - the Active Directory launch team! However, it is a pretty sad commentary when basically you are saying that Active Directory is the thought leader. Yes, it is the market leader - absolutely and without a doubt. However, like any product, Active Directory has its own set of warts that Microsoft hasn't cleaned up, nor are they showing any particular leadership towards Active Directory V2. (Please! Don't get me started on schema modifications!!)

All that said, I'd recommend Jason - and others - take a look at what's going on over at Apache's Directory Project - I find it pretty intriguing. Lots of potential...

ApacheDS is an embeddable directory server entirely written in Java, which has been certified LDAPv3 compatible by the Open Group. Besides LDAP it supports Kerberos 5 and the Change Password Protocol. It has been designed to introduce triggers, stored procedures, queues and views to the world of LDAP which has lacked these rich constructs.

I love how they have bowed to incorporating two-factor authentication into the directory via their "Triple Sec" product along with an Eclipse-based directory studio. What better way to move to a services-oriented architecture than with a well thought out, Java-based directory service?


3 comments:

Gavin Henry said...

It's the Writer, Stupid - Do your research on OpenLDAP

Jackson Shaw said...

Gavin - Thanks for your comment. I'd love to link to a post that details some real-life OpenLDAP deployments. If you have one that you could point out I'm sure folks would love to read about them.

Thanks,

Jackson

MartyHeyman said...

Well, HP for one. They access their Active Directory silos through back-LDAP and present their real LDAP (enterprise directory) face to client apps through OpenLDAP. It's quite an excellent story, actually.

You may find our posts: AD/ADAM White Paper and AD/ADAM Performance Update interesting as well. They were written in response to comments from a couple of large financial institutions that they were going to convert from enterprise LDAP products to ADAM.

Finally, as much as we like the ApacheDS guys and are delighted that they're off carving new trails for the LDAP community, they are not working so much on a production-ready enterprise-grade software product as they are on proof of value of several key innovations. My personal feeling is that production versions of their innovations will come out in OpenLDAP (and C) as they prove out value for real customer requirements.

--
Marty Heyman of Symas Corporation
Symas and its blog