May 26, 2005
Dancing the Happy Dance
I've been waiting for this for a while: the release date for the RedHat Directory Server (based on Netscape DS 4.x codebase) is June 1. Frankly, I will be amazed if OpenLDAP has much mindshare a year after that. RHDS, assuming it shares the same capabilities as NDS and SunONE (or whatever they're calling it this week), is faster, more flexible, has multi-mastering replication, has better command-line tools, has a management console, stores configuration in the directory (separate suffix) and has better system management and logging support.
With this being open sourced, I can see a few modifications that can make this the (almost) perfect directory server (some of which are in SunONE, and some are not): more granular replication, down to the attribute level; preferred-master replication override on a per-database, per-attribute or per-filter basis; distributed single sign-on support (referring writes of the password retry count to the master is a security hole in a high-load environment, and true multi-master is slower than master/hub/replica schemes); logically-consistent data split across multiple back-ends; support for a query language more flexible than LDAP queries, translated by a front end query engine implemented on the server; and so on. Most importantly, I can reference the source if I have a question. (I once was almost paid double by Sun to answer my own question on a project I was doing for them; shouldn't have told the support guy who they would be calling out to answer it.)
OK, admittedly, some of these things won't get done - or won't get done quickly - but now I know that if I really need them for a project or a client, I can hire the team to get them done. (Yes, some of the projects I've done are big enough that they could justify that.) In the end, the key advantage of this to me as a directory consultant (and to my clients as directory users) is that an enterprise-class directory is available that can be customized to any purpose the client requires. Moreover, this is an ideal platform for an open source access and identity management solution. (Need more time: anyone care to pay me to design and help implement and open source access and identity management solution?)
As an aside, I got this story from SlashDot. If anyone tells you OpenLDAP is ready for the enterprise, or SecureWay is a good directory server, run - don't walk - away from them. Do not hire them as a directory architect, as they are clearly either incompetent or smoking something illegal.
TrackBack URL for this entry:
Where is the RHDS source code???
Posted by: rodney at June 2, 2005 9:53 AM
Posted by: Jeff Medcalf at June 2, 2005 1:25 PM