Hello.
We have some recent experience using Microsoft ADAM. It's not bad at
all but in true Microsoft fashion it suffers (from a sysadmin point of
view) as a clickety-click black box and not much help when you get
into difficulty.

The Red Hat DS is based on the iplanet directory server that Sun once
bought and renamed a half dozen times. I think from memory it's the
equivalent of iplanet 5. From what I can remember this ran very well
on Solaris, but with stability issues on several other platforms -
particularly windoze.

Sun have been working on a Java implementation of LDAP for a number
of years, and recently came up with this: 
http://blogs.sun.com/Ludo/entry/open_source_ldap_server_in
I have no experience with it and so cannot vouch for its usefulness.

When you say 1000 hosts you mean a thousand servers which are
authentication clients?

I have about 10 years of LDAP under my belt, and in all honesty if I
had my time again I wouldn't have bought into it. Today I think a lot
can be achieved by presenting your directory services as web services.
Of course then it becomes more of a programming problem than a
sysadmin problem, but that's not a bad thing.

The advantage of this approach is that consumer applications don't
need to know what the underlying technology is behind your user
store / configuration store / whatever.

In your case, assuming your primary need is OS (PAM?) authentication +
authorisation, I'd seriously consider using Solaris with Sun's own
(newer) build of the same directory server (not the new Java one, but
the one that's derived from the iPlanet DS).

I think this is the one: 
http://www.sun.com/software/products/directory_srvr_ee/dir_srvr/index.xml
although they change the name so often I can't be certain.

The advantage for you should be a simple migration away from the Red
Hat build, a more stable OS (don't shoot me) and DS combo with massive
proven existing installations.

It's been the 'best of breed' in LDAP for a long long time.

Hope this helps
Rich

On 20 Nov, 11:28, Jeremy Portzer <[EMAIL PROTECTED]> wrote:
> Hello,
>
> Does anyone have any recent experience with LDAP deployments across
> reasonably large environments (we have 1000+ hosts)?    We use LDAP for
> traditional Unix host authentication/authorization, as well as various
> other web apps.  We currently use Fedora Directory Server but are having
> many problems with its multimaster replication, and have hit some walls
> in troubleshooting it.  While I believe we probably can fix it,
> management has asked for us to consider other directory server products
> (including commercial ones), if they would offer better features and
> long-term support.  I'm wondering if anyone can offer their recent LDAP
> deployment experiences?
>
> Our requirements:
>         * Multimaster replication (or similar) for cluster deployment across
> diverse geographical sites
>         * Scalability to 1000's of hosts
>         * Some sort of GUI administration (I guess web-based would be
> preferred; Fedora DS's Java-based admin tool is acceptable but painful
> to set up, and very slow over LANs)
>         * Runs on RHEL, preferably playing nice with other apps on the same 
> host(s)
>         * Sane backup, disaster recovery, and upgrade procedures
>
> Commercial support availability is not a specific requirement, but is
> something we'd consider if it has good cost/benefit so I'd be interested
> in any thoughts on that also.  (Note:  head office is in the US, so
> AU-based support not really necessary)
>
> Thanks,
> --Jeremy
> --
> SLUG - Sydney Linux User's Group Mailing List -http://slug.org.au/
> Subscription info and FAQs:http://slug.org.au/faq/mailinglists.html