The Netscape/Sun/iPlanet LDAP servers were some of the lowest-performing servers around, especially when used for authentication/authorisation service. They were particularly poor at delivering the same relatively small set of data repeatedly to many servers - they performed better when used for large telephone-directory-like services, where requests were for scattered entries among millions.
AD used to be terrible at the 'telephone directory' (large data set) LDAP applications, but was tuned especially for the 'need the same small set of data delivered over and over' needs of authc/authz service. With Windows 2003 they improved the telephone directory style service, but have seriously improved the authc/authz performance as well (and removed some of the annoying data size limitations too).

If you have a large infrastructure to serve, I heartily recommend doing side-by-side comparisons of all proposed LDAP servers, using data that is as close to your production data set as possible, and simulating the probable client load. And if you do this, please publish the results!

I did my last tests a few years ago, and at that time nothing came close to AD for throughput, reliability, and scalability. However, I'm quite willing to be blown away by the next new kid on the block (or old kid with new Turbocharger :-)

I'd be especially thrilled to hear about an Open Source solution that really delivers in this area.

- Richard

Clif Smith wrote:
> I'm in a similar situation and am wondering if anyone has tried using the 389
> Directory Server and its AD password and group sync? The 389 project is the
> descendant of the Netscape|Sun|iPlanet|Fedora Directory Server and the open
> source basis that the Red Hat Directory Server is built from.
> - http://directory.fedoraproject.org/
> - http://directory.fedoraproject.org/wiki/Howto:WindowsSync
>
> cjs
>
> On Jul 10, 2010, at 1:19 AM, Michael D. Parker wrote:
>
>> The company that I am working for is embarking on replacing the current
>> locally developed NIS/YP structure with something LDAPish.
>>
>> We already have AD in house for the Windows stuff and would like to consider
>> using the AD system. The AD people are quite restrictive and would not
>> easily support extensive modifications.
>>
>> We have needs to have the replacement include support for the full
>> capabilities of the NIS/YP suite, including netgroups, login restrictions to
>> specific servers for specific users or groups of users, consistent passwords
>> between the *nix and Windows environment, etc. Our environment is a mixture
>> of Linux (suse, RH, Debian), Sun, IBM, HP and MPRAS as well as a NETAPP. So
>> whatever we use must be totally inclusive to all environments.
>>
>> We have looked at Likewise, but our management wants other alternatives to
>> compare with.
>>
>> What other things should I be looking at and what is your assessment of the
>> alternative?
>>
>> Thanks for your assistance.
>>
>> _______________________________________________
>> Tech mailing list
>> Tech@lopsa.org
>> http://lopsa.org/cgi-bin/mailman/listinfo/tech
>> This list provided by the League of Professional System Administrators
>> http://lopsa.org/