Forgot your password?
typodupeerror
Businesses Software Technology

Searching for a Directory Service Solution? 367

Posted by Cliff
from the active-directory-or.... dept.
kumulan wonders: "I've got the responsibility to set up directory services as well as a messaging/groupware system for my organization of app. 100 employees spread out over three locations. We are a startup that is merging three existing smaller companies and, given the state of existing IS infrastructure at each of these locations, the decision has already been made that we are better off starting from scratch. It would be great to hear from Slashdot readers concerning which option is 'better' and why."
"For me, the choices are stark and clear:
  1. MS Exchange/Active Directory
  2. A cobbled-together solution based as much as possible on OSS (as no direct equivalent exists).
For (2) we have evaluated, and are strongly considering, the following: Of course, Samba 4 will address some of this 'cobbling', but we can't wait for that."
This discussion has been archived. No new comments can be posted.

Searching for a Directory Service Solution?

Comments Filter:
  • Easy. (Score:5, Insightful)

    by XorNand (517466) * on Monday September 19, 2005 @07:34PM (#13600374)
    So, the question seems to be: OSS vs. Microsoft. Am I right? If so, the answer is easy: Which platform are the people who will be managaging the stuff have the most experience with? It may be sacrilege to say it here, but if you've a crew of MCSEs on staff who've never touched Linux, it's going to be more expensive and a bigger hastle go the OSS route.

    I forget who said it but "OSS is free like a puppy is free". You need to have the staff to tend to the care and feeding. In the Detroit area at least, Windows guys are a dime a dozen. Competent Windows guys, while a bit more rare, are still easier to find than experienced Linux admins. (Of course, I'm looking at your question from a business consulting standpoint. If you're looking more for a technical recommendation, there's a lot more people here better qualified than me.)
    • Re:Easy. (Score:5, Insightful)

      by ndansmith (582590) on Monday September 19, 2005 @07:40PM (#13600426)
      You may be underestimating just how much is actually costs to get a Microsoft enterprise solution off the ground. You have to pay for the Server 2003 software, Exchange, XP Pro (volume), Office, Terminal Services licenses, and don't forget server CALs. Plus, you have to worry about Microsoft "obsoleting" your software via Vista, Longhorn Server, Blackcomb, and beyond; another round of licensing (and by extension of Vista's hardware requirements: another round of hardware updates / replacements).

      Sure, it may require a fine tooth comb and/or training to get some qualified Linux guys on board, but I doubt that compares with the expense of purchasing the Microsoft solution.

      • Re:Easy. (Score:5, Interesting)

        by XorNand (517466) * on Monday September 19, 2005 @07:50PM (#13600477)
        Not really--I myself and am MCSE and run my own consulting company where the majority of my clients run Active Directory. I'm quite aware of the costs. MS includes a license for Outlook when you buy a CAL for Exchange, so that extra expense is negated. OpenOffice also might make a viable office suite for this person, but the question was about directory services. Terminal Services is a non-issue in the same regard.

        And it's not as cheap and easy to get quality techies as you might think. Putting your existing staff through a boot camp is only the tip of the iceberg expense-wise, and it's a very inefficent solution.
        • For the record, I'm also a CNE and greatly prefer NDS to AD. However, it would wrong of me to recommend to a client that they actually consider a new installation of Netware just because it's technically superior, or worse, just because I like it more.

          A lot of techies forget that technical and business interests sometimes conflict. In such cases, business interests always need to be given a greater priority.
          • You can run NDS (or eDirectory, or whatever they're calling it these days) and many other Novell products on Linux without any NetWare servers.
        • I may be wrong here as to how it is with the current market but MS including a license for Outlook is almost a false positive that started during Exchange 2000 deployment.

          What I mean by this is if you're on some SA plan or Open license (I deployed quite a few MOLP), and you wanted Office AND Exchange, you still had to buy the Standard Office Suite AND Exchange CALS so you ended up buying licenses for Outlook twice.

          Now you can look at that a couple of ways. You buy an Exchange CAL and you get access to it (
      • by Alioth (221270)
        Additionally - Active Directory et al. isn't as easy as people would lead you to believe ("It's Windows! It has a GUI! Therefore it's easy!")

        We just had Active Directory rolled out here. Our performance problems were so bad we had to hire Microsoft consultants to try and figure it out - and these people from the company that makes the product took over a month to actually come up with a solution that ran only half as quickly as our old Novell system. Admittedly, it's a much bigger system than 100 users (and
      • by CrudPuppy (33870)
        While I would normally say use OpenLDAP, Sun has recently made a version of their Directory Server free and open source. Their GUI management is excellent, and it supports Multi-Master Replication.

        In case you're not familiar with MMR, think about your normal scenario. Maybe you have 1 master server and 2 slaves, one for each physical location. with MMR, you quite literally have 3 master servers, all of which can be updated and will push the changes to the others. This means no more worrying about losing
        • by Ath (643782)
          Wow. MMR sounds great. But it isn't. It's nothing more than a half-baked feature set compared to Novell's eDirectory. Since its release in 1993, eDirectory has supported partitions and replicas of the directory with full backlink support for all resources.

          What that means is that you don't tie up your WAN link with unnecessary directory traffic sending sync messages when they aren't necessary.

          What I find amazing is that people just reject eDirectory too often because it is from Novell. It is fully LDAP v

    • Re:Easy. (Score:5, Insightful)

      by zulux (112259) on Monday September 19, 2005 @07:43PM (#13600445) Homepage Journal
      if you've a crew of MCSEs on staff who've never touched Linux, it's going to be more expensive and a bigger hastle go the OSS route.

      MS's newest/latest/greatest has a large learning curve as well. You old MCSE who knows Windows Domains will have just as much trouble learning Active Directory as he would have learning Samba 3.

      I've trained MCSEs in open source technology - about 50% do just fine. The otheres were paper MCSEs and sucked at Windows too.

      • Re:Easy. (Score:2, Insightful)

        by hagrin (896731)
        MS's newest/latest/greatest has a large learning curve as well. You old MCSE who knows Windows Domains will have just as much trouble learning Active Directory as he would have learning Samba 3.

        I've trained MCSEs in open source technology - about 50% do just fine. The otheres were paper MCSEs and sucked at Windows too.


        Ok, so you're saying techies trying the latest and greatest without any training fail more often than the users who received your training in OSS solutions? So, obviously, the parent s
      • Re:Easy. (Score:5, Insightful)

        by Tadrith (557354) * on Monday September 19, 2005 @08:44PM (#13600753) Homepage
        This is definitely true. I've found it much easier, if instead of thinking of people as Windows techs, or Linux techs, you simply think of them as techs.

        A good tech should not be afraid of discovering and learning any system he or she might put their hands on, because part of being a good tech is learning how to keep your mind open and troubleshoot a problem. It doesn't matter if the problem is Windows, Linux, or a coffee maker -- you use the tools that you have to do the best job you can.

        I am a programmer for a living, but I also do double time as a technician. I am just as comfortable configuring Windows Server 2003 as I am with Novell Netware 6.5, or any flavor of Linux. I don't see it as my job, or my passion, to devote myself to one platform. My job is to help people with computers and give them advice on what solution works best for them. Of course, I have a primary area of expertise, but that doesn't stop me from learning on my own.
        • Re:Easy. (Score:4, Insightful)

          by Total_Wimp (564548) on Monday September 19, 2005 @10:03PM (#13601152)
          A good tech should not be afraid of discovering and learning any system he or she might put their hands on, because part of being a good tech is learning how to keep your mind open and troubleshoot a problem. It doesn't matter if the problem is Windows, Linux, or a coffee maker -- you use the tools that you have to do the best job you can.

          This is probably true for new guys learning an in-place system or a few new systems added to the familiar core network, but far less true for a bunch of newbies (to the system in question) trying to design something good from scratch.

          A good ADS guy will know how to design a good forest, he'll know how to acquire and install the necssary patches, he'll know how to set up a secure systems and he'll know the quality sources of help when he needs them. He'll know which built-in and third party utilities will save his bacon and he'll know what to check on if stuff stops working.

          The only thing that will teach an MS guy how to do all this with Open Source is experience. The only way he'll get that is with a bunch of time working with the products in question.

          In other words, it's dangerous as hell to trust your brand new network with a bunch of noobs. Even if they're very bright noobs who will catch on quickly, you take quite a risk while they're doing the catching on. Put a bunch of these guys under a couple of experienced people and they'll likely do ok with the new network, but if you don't have that experience on hand you're begging for trouble if you uproot a known system and throw a bunch of new stuff in to replace it.

          TW
    • Re:Easy. (Score:2, Informative)

      by Daengbo (523424)
      While I agree with you, the K12OS mailing list that I continually lurk on has quite a few inexperienced Linux fols, and the single sign-on issue has basically been solved by one of them. David Trask has put together a script which automates setting up smb-ldap for a PDC, and it's here: http://web.vcs.u52.k12.me.us/linux/smbldap/ [k12.me.us]

      As for a groupware solution, I currently use egroupware ( http://egroupware.org/ [egroupware.org] ), which is fairly mature, can authenticate to ldap, and can be used both over the web and thorugh
    • Re:Easy. (Score:5, Interesting)

      by killjoe (766577) on Monday September 19, 2005 @07:55PM (#13600505)
      Just be sure to include your long term costs when you are evaluating. you should calculate the costs of integration and upgrades too. MS products don't work well with other companies products and will inevitably cost you hundreds of man hours if you are ever presented with the problem of integrating non standard MS software with software from other vendors.

      As far as admins go studies have shown that unix admins on average maintain more servers per admin then windows admins. You may be able to do with one unix admin as opposed to two windows admins.

      windows machines as a rule run less services per machine then unix machines do. This means more servers, which means, more servers to patch, keep up to date, backup, and admin.

      Finally the perenial problem of backups and bare metal recovery. This is trivial in unix but costs thousands if not tens of thousands of dollars for windows.

      There is a lot to think about. Just saying I have used windows XP before so i can maintain a active directory/exchange environment is plain old stupid.
    • Re:Easy. (Score:4, Insightful)

      by TedCheshireAcad (311748) <ted.fc@rit@edu> on Monday September 19, 2005 @08:32PM (#13600695) Homepage
      Parent has a valid point, setting up and administering your OSS solution will take more work. However, you can tailor it better to your needs.

      I worked at Major Software Company in the Bay Area (tm), and their LDAP/Kerberos/Jabber/SMTP infrastructure worked very well, but of course, there were armies of admins to make things run smoothly. It was not without hiccups - but most if not all of the hiccups were minor (failed hard drives, etc.) and remedied within 20 minutes.

      My vote is for LDAP. You can do so much with it - authenticating users on your web apps is a cinch, directory lookups are easy, it integrates with every piece of mail client software, and it's free. Just my $.02.
    • Re:Easy. (Score:5, Informative)

      by sillypixie (696077) * on Monday September 19, 2005 @08:38PM (#13600725) Journal
      I think you are missing more than a few options there.

      IBM has directory services.

      Sun has directory services.

      Novell has directory services.

      My thoughts:

      - the problem with IBM's directory is that it sits on top of DB2. This abrogates one of the coolest parts about directories - that you don't need a DBA. And a mistuned IBM directory is an ugly, ugly thing.

      - the Sun/Netscape/iPlanet/SJSDS-whatever-they-call-it-t his-second tends to run well directly out-of-the-box without the need for much in the way of expertise, in smaller environments. I would call this directory the defacto standard (although this statement may now be obsoleted by the advance of AD - hard to say). If you are using other SUN infrastructure, or if you are using the Sun Calendaring/Messaging product (which I would recommend as a very solid alternative to MS exchange), this DS is an excellent choice.

      - Novell - well if you are a Novell shop, you will use NDS. You will use everything else Novell has. It is sort of like joining a secret cult.

      - OSS - I would consider this an advanced option. My suggestion is, if you know nothing about directory services, that you would be better off with something a little more... packaged. I'm sure many here will rabidly disagree with me, but I certainly would consider that choice as risky. A second issue is that many LDAP-enabled products that you may wish to run on top of your directory layer (provisioning, WSSO, etc) only support commercial directory servers.

      - Microsoft - well, you're probably going to have to install this one anyways, in order to get a LAN. Although I'm a unix chick at heart, I must admit that I have seen many well-run AD directories. If you aren't already in the UNIX world for any good reason, AD is probably a logical direction. Many many companies have cut their directory services teeth this way. The disadvantage is that your Enterprise Directory is also your NOS, which can be a pain from a licensing perspective, if you want to store authentication-only users as well.

      FWIW, hope that helps...
      • AD does not scale well up into the million object range and beyond.

        Just trust me on this one. It's intended for the average case, not the huge-ass case. You find limitations on the number of GPOs. You find problems with everything when you start in with huge numbers.

        That said, if all you care about is Windows, AD is the easiest of all the options.
      • by Xerp (768138)
        Oracle has directory services too.

        Microsoft Exchange was mentioned, so you may be looking for something like Oracle's Collaboration Suite which, like Microsoft Exchange and Microsoft's Active Directory, features a Directory, Calendar, Tasks and Email system.

        100 users is a very small implementation, but even at these low figures you'd probably be surprised to find out that a market leader such as Oracle can provide a system that is actually much cheaper than Microsoft's!

        To be honest, if can can avoid locking
      • The Sun/iplanet ldap server has been bought by Red Hat and open sourced. You can find it here [redhat.com]

        "The disadvantage is that your Enterprise Directory is also your NOS, which can be a pain from a licensing perspective, if you want to store authentication-only users as well."

        Other disadvantages include cost, vendor lock, increased maintenance, and inability to interoperate.

        Finally I would also look at oracle, they too have a directory and an excellent groupware system which in many ways is superior to exchange.
      • Easy: Novell (Score:5, Insightful)

        by ImaLamer (260199) <john.lamar@g[ ]l.com ['mai' in gap]> on Tuesday September 20, 2005 @01:39AM (#13601965) Homepage Journal
        Novell - well if you are a Novell shop, you will use NDS. You will use everything else Novell has. It is sort of like joining a secret cult.

        Not true, you can use Novell's NDS (eDirectory, the LDAP server software) right on top of Linux, Unix, or Windows. The admin tools are almost all Java based or otherwise accessible so you aren't locked in there (clients and management tools for Linux, Unix and Windows). Novell can manage the rights, er permissions, er privileges for clients of any flavor (because a directory services solution is about managing the resources on the network) - and has less bloat and more security than Active Directory.

        Novell is my choice hands down. It isn't the nightmare product it used to be. Quite flexable, scalable and for all intents and purposes "open". This product actually follows standards! In my experience it also prices cheaper for clients than Active Directory, although you never know because I'm sure it has changed.

        The person who asked this question initially said that the only other option to Active Directory was A cobbled-together solution based as much as possible on OSS (as no direct equivalent exists)

        This simply isn't true. There is eDirectory and it's better! [novell.com] (PDF) Wake up people! It's 2005 and there is a better option out there and to top it all off they are a Linux company [suse.com] too.
    • Maybe not so easy. (Score:5, Informative)

      by jd (1658) <{moc.oohay} {ta} {kapimi}> on Monday September 19, 2005 @09:30PM (#13600971) Homepage Journal
      Let us say that you build a direct equiv. in Linux. "Impossible!" I hear you cry! Well, maybe not. Not unless you've cracked into my machine and installed an MP3 of yourself.


      Anyways, let us examine the different components and see how far OSS can take us. Maybe it can't go the whole journey, but if it can do some, then a hybrid solution will work.


      Open Groupware [opengroupware.org], SuSE's Open Exchange [novell.com] and OSER [freshmeat.net] will handle the Exchange part, including support for all those MS Exchange clients, such as Outlook.


      That just leaves the Active Directories part. ISC's DHCP [isc.org] supports Dynamic DNS. However, you may want to add in DHCP2LDAP [netfoo.org] to get a good link between DHCP and BIND. OpenLDAP [openldap.org] provides the LDAP implementation part. Kerberos [mit.edu] and DNS [isc.org] are easy (although some may quibble with my choice of Kerberos version!)


      Provided you're not planning on having both MS Active Directory and the above amalgam running, you should then be set to go with a comprehensive Active Directory lookalike which will interact with client systems in the same way Microsoft's software will.


      The problem I found is that there's almost no way of getting from a Linux solution -to- Active Directory. If AD is present, it must be a root server, which Linux CAN pull from.


      Do I recommend this kind of a setup? Probably not. The Exchange and Groupware stuff should be fine, but the Active Directory stuff isn't as coherent as it could be and I've heard of nobody who has completely replace AD with an Open Source solution, even though from a purely technical perspective it should be possible.

      • by Korgan (101803) on Tuesday September 20, 2005 @03:01AM (#13602220) Homepage
        May I introduce you to an opensource Directory solution that quite nicely replaces Windows Active Directory. Many moons ago it started life as just OpenLDAP but it is now become so much more.

        http://www.apple.com/server/macosx/features/opendi rectory.html [apple.com]

        Good ol' Apple.

        Darwin, *BSD, Linux, various Unixes. Builds with GCC and source is available under Apple's OpenSource license.

        Redhat's RHDS available on subscription for RHEL3 and RHEL4 is another. Based on Netscape Directory Services. Thats mostly available under the GPL now, called Fedora Directory Server.

        http://directory.fedora.redhat.com/ [redhat.com]

        Personally my favourite has been eDirectory. It may not be opensource or even free, but the little you do pay for it is definitely worth the product. Anyone skipping over it is either deliberately obtuse or just plain ignorant. Especially if they're willing to pay for Active Directory and all the costs that go with it (including licensing, security and maintence/administration) while receiving a far inferior product.

        Ultimately, Ask Slashdot is the worst place for the original poster to ask this kind of question. They need to sit down with people from various companies and vendors to get an idea of all available products. Many will happily discuss the requirements and work together with you to find the best solution, not just sell you a solution from a preferred supplier.

        Ask various engineering places in the district to submitt RFP's based on requirements you set. It doesn't have to be a multi-million dollar contract to get many interested. Companies are starting to really take notice of the SME market now days. Ultimately the have to. ;-)
  • En abyme (Score:3, Funny)

    by timeToy (643583) on Monday September 19, 2005 @07:34PM (#13600376)
    There is no directory service for directories services ?
  • 3. Mac OS X Server (Score:5, Insightful)

    by dgatwood (11270) on Monday September 19, 2005 @07:35PM (#13600389) Journal
    Considered Open Directory [apple.com]?

  • Other options? (Score:5, Interesting)

    by MonoNexo (843458) * on Monday September 19, 2005 @07:37PM (#13600398)
    What ever happened to Novell? I used that at the college I attended - web apps, email, directory, rempote access, etc. Is this no longer a valid option, or was it just forgotten on the above list?
  • Look at OpenExchange (Score:5, Informative)

    by adturner (6453) on Monday September 19, 2005 @07:40PM (#13600420) Homepage
    It's a standards based (LDAP) mail/groupware app which supports standard SMTP/IMAP clients as well as Outlook/Palm clients (for an additional fee).

    Seems competitively priced to Exchange and there's also a free pure OSS version available (although if you want offical support and a nice installer, you need to pay for it).

    http://www.openexchange.com/ [openexchange.com]

    I haven't personally used it, but I've been looking at it as an Exchange alternative (I really really hate exchange) for the small company where I work.
    • Open-Xchange uses OpenLDAP by default, though they claim any (standards-compliant) LDAP server can be plugged into it. And there is documentation of people plugging Samba into it, the way a Windows Domain Controller would plug into Active Directory.

      The LDAP datastore is kept separate from the rest of the data (which is in Postgres), and I've heard of some problems with "LDAP clients", like Evolution, which can't write Contacts to the server. Which allows those Contacts to get out of sync with Contacts enter
    • And is still available as a free (Beta) download here [openexchange.com].

      Don't know how long that will last and I image its not part of the OSS suite.

      I haven't used it but would like to do some testing with it at work. For more general directory type support (domain controller, etc) I'd look at Suse LINUX Enterprise Server with their Novell Open Enterprise [novell.com] (sorry thats a PDF). It uses Samba and LDAP, but its the closest thing to a usable AD "killer" I've seen so far.
    • Why hate Exchange? I've managed Exchange 2000 and 2003 for 5 years and I have loved working with it. Simple to setup and manage and loads of features. I've looked for a truly comprable OSS option and haven't found one that does nearly as much with the same ease.
  • STOP.... (Score:4, Insightful)

    by ellem (147712) * <ellem52 AT gmail DOT com> on Monday September 19, 2005 @07:40PM (#13600424) Homepage Journal
    just save yourself the trouble

    W2K3.

    Just shut up, buy it and be done with it. It'll hook up with whatever you're running and it is fine as long as you take the same precautions any decent Sys Admin would.
    • Re:STOP.... (Score:2, Insightful)

      by j-cloth (862412)
      You have to use the right tool for the job. In this case there is no directory server that can touch AD. Any other solution is just trying to replicate it.
      Exchange, I'm no so sold on, but it works and is well documented enough that you can do most of things with it that you will want.
      • Re:STOP.... (Score:4, Interesting)

        by aaronl (43811) on Monday September 19, 2005 @08:17PM (#13600628) Homepage
        Novell with NDS does all that AD does, and a lot more. It is an incredibly well designed directory server, and it existed before AD. The big reason to go with AD is because of group policy; I don't know if NDS has an equivalent to it.

        It might still be that W2k3 is the right tool, but please, have your information straight!
        • This is a troll?

          WTF?

        • Re:STOP.... (Score:3, Informative)

          by AngryElmo (848385)
          Along with Zenworks (an eDirectory enabled management application) you can have your group policies too! Buy Netware (or Open Enterprise Server - Suse SLES 9.0 + Novell services by another name) and you'll get all of the eDirectory and Linux goodness, plus DirXML which is a programmable metadirectory allowing synchronisation between eDirectory and whatever you want (including MS-AD)
      • In this case there is no directory server that can touch AD.

        Yes, but don't you want your directory server to interoperate with other systems? Isn't that the whole point? I'm half joking, but half serious as well; one of the main gripes I have with AD is the lack of customization that one can perform with it. It's great when you want to integrate it with Microsoft Remote Acess or Microsoft SQL Server or any of a dozen other Microsoft products, but try getting it to authenticate against opensource P2PP/PP

    • by Anonymous Coward
      W2K3 ... is fine as long as you take the same precautions any decent Sys Admin would.

      Myself being a decent Sysadmin, I can tell you my first priority is always to banish MS products to the extent possible. It takes time, but if you're starting from scratch this is an excellent opportunity to avoid future problems.

      Start by NEVER running anything mission critical under MS - especially a directory service.

      Continue by banning Internet Explorer companywide, and finish by

      Don't get me wrong; MS Windoze does have
      • Only on slashdot would this level of trolling be modded "insightful."

        Grow up. Is linux/OSX better than windows in some ways? Sure. How about you learn to prove a point without senseless bashing though?

        People might care when you talk like you know what you're talking about.

        Senesless flaming and trolling comes at a dime a dozen.
    • Re:STOP.... (Score:2, Interesting)

      by divisivemind (888140)
      Though I've never laid eyes on an OSS directory alternative to W2K3, I'd be surprised if it could be any either to use out of the 'box'. Another thing, if you plan to do some LDAP work, in say perl, modules exist that can add/remove/delete/etc from your AD that are rather painless to use. Automated account addition.... On a side note, for those in higher education, there is a good chance you have a campus-wide MSAD. Where I used to work, we kicked all students out of our domain and instead one way trusted
    • STOP.... (Score:4, Funny)

      by Alystair (617164) on Tuesday September 20, 2005 @12:56AM (#13601839)
      Hammer Time!
  • by Anonymous Coward on Monday September 19, 2005 @07:42PM (#13600439)
    Other Options to Consider:

    Novell:
    Linux Small Business Suite
    http://www.novell.com/products/linuxsmallbiz/ [novell.com]
    It includes edirectory, groupwise for email, suse enterprise server,Novell ZENworks Linux Management Client

    IBM (Lotus)
    http://www.lotus.com/lotus/general.nsf/wdocs/nd7co ntent [lotus.com]
    You can use Domino as an ldap server.
    Other IBM Software on Linux:
    http://www-306.ibm.com/software/os/linux/software/ [ibm.com]
    or
    http://www-1.ibm.com/linux/matrix/ [ibm.com]

    • I would second Domino. Exchange is definitely a lot more popular in the SMB space, but I think a pretty compelling argument can be made for Domino.

      I (along with one other admin) support around 9000 mailboxes for a F500 on Domino 6.5 on Linux. We still have plenty of time for other projects. Exchange is easier to set up, but Domino is far easier to keep running. (try manipulating messages in an active mail queue in Exchange.)

      The major complaint about Domino is the unappealing client. I happen to like it, but
  • Novell NDS (Score:3, Interesting)

    by kalibyrn (699826) on Monday September 19, 2005 @07:43PM (#13600443)
    There's also Novell's NDS... That could be your third option perhaps...
  • by joelleo (900926) on Monday September 19, 2005 @07:43PM (#13600446)
    What exactly is the newly merged company doing? Is it supposed to be geeky-cool? Is it doing something totally unrelated to computers or technology? Is the IT infrastructure just a means to an end - users getting their work done?

    If the company is trying to do something geeky-cool, you may be best served by using a "cobbled-together" open source architecture. It'll show your boy's and girl's prowess on the console and could be used as a Hercules-on-a-pedestal showcase for your talents.

    On the other hand, in either of the other two cases, you're most likely going to be using MS on the desktop and your people aren't going to care that you've implemented OpenLDAP as long as their Word, Excel and Outlook work. In this situation, as has already been noted, you'd probably be best served by implementing Windows Server 2003 + Active Directory. An additional benefit is the expertise is relatively cheap and available, and may already be in-house with your amalgamated IT staff.

    Good luck!

    • by benjamindees (441808) on Monday September 19, 2005 @08:09PM (#13600583) Homepage
      may already be in-house with your amalgamated IT staff.

      Or there very likely isn't an IT staff, almagamated or not. Three companies that join to form 100 employees, with poor infrastructure, typically means one company of 50 employees and a "Windows admin/something else" and two companies of 25 employees each that paid somebody to setup their networks five years ago and have since just watched it deteriorate.

      It sounds like the inquisitor is about to inhereit a huge mess without necessarily the skills or resources to deal with it. If that's the case, I'd suggest taking a long-term approach:

      1) Decide who will manage the network (this is a full time job),
          A) if it's you, then
                i) choose what you're most comfortable with, else
          B) if it's not you, then
                i) put an ad in the employment section, outlining your requirements in a non-specific way, contact outsourcing firms, and take applications.

      You may be suprised at what you get. Linux and Open Source can save a ton of money and hassle long term, especially when implemented from scratch, but you have to know what you're doing. If you don't know or aren't sure, get help. A company of 100 employees can easily justify having two admins, especially when combined with the savings Linux and OSS are capable of.
      • by Penguinshit (591885) on Monday September 19, 2005 @08:38PM (#13600724) Homepage Journal

        Cost is definitely a major factor here.

        While going the W2K3 route would be easy and very functional, one has to take into account the cost of the eventual [forced] upgrades. A company of 100 folks probably isn't turning a wild profit in terms of real money, and what money there is will undoubtedly get funneled into R&D or advertising or SomethingOtherThanITInfrastructure. This is where the long-term cost savings on a "cobbled" solution will pay off handsomely.

        The decision is best made right now.

        • Troll?

          I dare that coward asshat who modded me troll to come out from under his/her rock and prove the honesty of that mod.

          I guess that person never heard of the "Software Assurance" program from Microsoft that forces upgrades every two years (with the alternative being a highly-inflated upgrade price whenever one is eventually required to upgrade). Everything else I said comes directly from my decades of personal experience in administering Microsoft and Unix/Linux (as well as Mac) networks.

          I've got
          • I guess that person never heard of the "Software Assurance" program from Microsoft that forces upgrades every two years

            Software Assurance is not mandatory. There are quite a few companies (probably the majority) who don't use SA. Mine doesn't. Upgrades are still cheaper than buying new, but most companies aren't all that keen on constantly upgrading, and the ones that are will go with SA. Most companies buy new hardware, and buy it with and OS and applications they will need. The hardware runs and
        • This is where the long-term cost savings on a "cobbled" solution will pay off handsomely.

          But will the "cobbled" solution scale properly when the company of 100 folks becomes a company of 5000 folks distributed worldwide? Unplanned-for growth can be messy in "cobbled" systems, and if you take the time to develop a solution that will grow well, then you might be devoting too many resources to the IT infrastructure.

          Also, in a company of 100 folks, how many will be in the IT department? What will happen when
  • by LnxAddct (679316) <sgk25@drexel.edu> on Monday September 19, 2005 @07:44PM (#13600454)
    Use Fedora Directory Server or Red Hat Directory server. It is derived from the acclaimed Netscape Directory Server. It is easy to set up, scalable and *just works*. For groupware just use phpGroupware or something. If all you need is mail access, I recommend Roundcube for the web access, it uses Ajax to give a nice user experience akin to Yahoo or Gmail. Keep an eye on the Hula Project too, it looks like when a release it made it will be real nice.
    Regards,
    Steve
  • Also check out Fedora Directory: http://directory.fedora.redhat.com/wiki/Main_Page [redhat.com]
  • NDS (Score:3, Informative)

    by discordja (612393) on Monday September 19, 2005 @07:48PM (#13600470)
    I'm sure some /.ers can give you a better view of the quality of Netscape Directory Server but from the rumblings I've heard it's a complete package and it's pretty damned amazing (not to mention it supposedly scales through the roof).

    You can check out the documents here [redhat.com]
  • Novell (Score:5, Informative)

    by Anonymous Coward on Monday September 19, 2005 @07:53PM (#13600492)
    I don't know what your selection criteria are, but it seems to me that you have another choice: Novell's products. More specifically:
    1. Directory Services: eDirectory. It runs on multiple OS platforms such as Windows, Linux, NetWare, Solaris, etc. It is more robust than AD, particularily across wan links (viz. replication). And of course it is LDAP v3 compliant so nearly any LDAP client can use it for authentication and authorization.

    2. Open Enterprise Server, Linux and NetWare. For hosting your file and print services. You get the best file system out there - NSS - on either platform. Real ACL's and vastly more refined trustee assignment and inherited rights filtering capabilities than any other filesystem.

    3. Groupware/Messaging: I am less experienced in the alternative offerings in this catagory, but I believe that Novell has a decent product in GroupWise 7, which runs on Windows or Linux or NetWare.

    Again I don't know what your selection criteria are, but you may have skipped Novell due to lack of awareness...

    Cheers.
  • XAD (Score:5, Informative)

    by lukehatpadl (818089) on Monday September 19, 2005 @07:53PM (#13600499)

    Try XAD [padl.com] from PADL.

    To Windows clients, it acts as an Active Directory domain controller, so it supports Kerberos authentication, group policies, etc. It also includes RFC 2307 support for seamless integration of Linux/UNIX clients.

  • Try Solaris (Score:3, Informative)

    by tonyr60 (32153) on Monday September 19, 2005 @08:00PM (#13600536)
    Download Solaris for free. It includes LDAP plus Samba etc. Includes fairly easy admin tools (for example webmin) The LDAP is first class and integrated fully with the OS and Samba. You can do it all and nothing is "cobbled together".
  • cobbled-together? (Score:5, Informative)

    by AstroDrabb (534369) on Monday September 19, 2005 @08:00PM (#13600539)
    2. A cobbled-together solution based as much as possible on OSS (as no direct equivalent exists).
    Well, it sounds like you are an MS-Only type guy with limited experience outside of the proprietary MS-World. There are some excellent solutions that run under Linux. Have you looked at Novell GroupWise [novell.com]?
    Novell GroupWise is a complete collaboration software solution that provides information workers with e-mail, calendaring, instant messaging, task management, and contact and document management functions. The leading alternative to Microsoft Exchange, GroupWise has long been praised by customers and industry watchers for its security and reliability
    GroupWise is cross platform, unlike MS Exchange/AD. GroupWise has plenty of free tools to help you along the way like:
    • GroupWise Migration Utility 2.0.1 for Microsoft Exchange
    • GroupWise PDA Connect 1.0 SP1 Multi Lingual
    • GroupWise Import Utility 2.0 for Microsoft Outlook
    • GroupWise Gateway 2.0 for Async Connections
    • GroupWise Gateway 3.0 for Lotus Notes
    Just check out Novell [novell.com] to see some of their products (no, I do not work for Novell, I just like some of their products).

    Also, there are some really great LDAP/IMAP type solutions you can put together under Linux for zero cost. Obviously this option requires someone more capable than your typical point-n-click "MS-Admin". It would take one employee with the ability to read a book or some docs. Though, I know your typical point-n-click "MS-Admin" wants to be able to just put in a CD and let AUTO-RUN do all the "hard" work for them.

    If I personally owned a small company with ~100 employees, I would rather have one talented admin that could handle *nix/Win than 2-3 point-n-click MS "admins". If you added up the salaries, that one guy would cost you less than the 2-3 less capable point-n-click MS "admins". TIJMO (This is just my opinion).

    • If he's going to go with Groupwise, he might as well use Novell's dir services.
    • We use Novell Netware and Groupwise where I work. I can't say it enough - I absolutely HATE Netware and Groupwise. Novell's QA went out the window years ago - we've been running it for 3 years, and it still crashes network-wide at least once a week, even with Novell techs in working on the server and the crashes. Not to mention it's a royal pain to manage (there are at least 3 different user/object administrator tools, and none of them do everything). There are also major issues with stuff like NDPS (you c
      • Re:cobbled-together? (Score:2, Informative)

        by ThisOrThat (832791)
        That's odd. We use Novell for all user storage/printing/groupwise/etc for thousands of PCs and have none of the issues you list.

        Which version of NetWare are you on?

        The college is went to a number of years ago used NetWare (and still do) and it works very well for them.

        At work we have edir and AD integrated, edir being the main directory. I mostly work with HPUX/AIX/Linux but have done a little NetWare stuff in the past. I don't know about current QA at Novell but we don't seem to have many issues that I can
  • by graphicartist82 (462767) on Monday September 19, 2005 @08:02PM (#13600548)
    I've just started to take a look at Fedora Directory Server [redhat.com]. It is very easy to set up and with the GUI manager, it seems about as easy to manage as Microsoft AD.
  • Why, again? (Score:3, Interesting)

    by Dunkirk (238653) <david&davidkrider,com> on Monday September 19, 2005 @08:03PM (#13600551) Homepage
    Why are those your "stark and clear" choices? I know, for example, that there are solutions from Novell, SuSE, and Sun, without even thinking about it. Are there more factors involved here than just "we need a directory?" Given a clean sheet of paper, I'd be using eDirectory, since it's completely (according to the marketing papers -- I've never used it) cross-platform.
  • I do some implementation projects for an IBM reseller who does implementations on the iSeries platform, and they push (and I implement as the consultant, go figure) a lot Samba + Bynari to the point that I was actually convinced myself and bought myself a few lics for Bynari.

    The nice part about Bynari is that they have great support, and they are continueously improving their product, and they use open technologies (OpenLDAP/Cyrus/Postfix) so its easily hackable. The Outlook IMAP connector rocks, and so

  • Novell (Score:3, Informative)

    by RabidMonkey (30447) <canadaboy AT gmail DOT com> on Monday September 19, 2005 @08:19PM (#13600640) Homepage
    Theres always EDirectory ... it runs on sles9 now (as of version 7). All the joy of NDS, but it runs under Linux (and windows, and netware if you want).

    I'm going to a Zenworks 7 thingy on Wednesday .. if you want more information about running edirectory under linux, email me and i'll pass along what I find out.

    it's not just about OSS and Windows .. there are other products there. NDS is far superior to AD, so consider it as well.
  • I've looked briefly into this, at a much smaller scale--I just wanted something where I can have a centralized email server that receives my home and work email, and allows me to access that mail from home and work, securely, using regular email clients (no webmail).

    What puzzled me was how to get information into the directory. Say I receive an email from bob@sub.genius, and he is not in my directory. All the common email clients seem able to consult a directory, such as an LDAP server, but none seemed

  • We use Scalix [scalix.com] which authenticates against OpenLDAP. They are a commercial solution, but their software is very opensource friendly and their support is very good (including pulic forums). We also have Tomcat, Apache, PAM, PPP/CHAP (for Remote Access with L2TP/PPTP), OpenSWAN (ipsec), Samba and custom applications authenticating against LDAP. Our centralized directory system is all home-brew, but this also gives us a lot of flexibility (we have 5 different password hashes for various systems!). It's not
  • by drsmithy (35869) <drsmithy@nOSPam.gmail.com> on Monday September 19, 2005 @08:26PM (#13600677)
    If you do, AD is your only realistic choice. Group Policy alone justifies using it.

    Added to that, it's not especially difficult getting Unix machines to talk to AD for authentication and other information (it's just LDAP, after all).

    It's a hell of a lot easier to integrate and manage a handful of unix machines in a Windows environment than it is to integrate and manage a hundred Windows desktops in a unix environment. IME, that's typically the scenario (unix servers for mail, fileserving, DB, etc and Windows desktops).

  • by mgpeter (132079) on Monday September 19, 2005 @08:34PM (#13600700) Homepage
    Suse Linux Enterprise Linux 9 should have everything you need. It sets up and stores just about everything in LDAP. It is extremely easy to configure and maintain. Yast's Email Server module will setup Postfix/Cyrus/IMAP for you, hell it even installs Antivirus and Spam filters for you.

    If you need to control Windows Clients simply create custom Policies for Microsoft's System Policy Editor (or use mine at my web site).

    I have currently replaced 5 Windows Servers with SLES9 and have not had a single problem. IMO it is much easier to maintain/use than anything MS has released in the server department.
  • by mrscott (548097) on Monday September 19, 2005 @08:35PM (#13600711)
    Before I write, I should say that I'm in no way opposed to open source and use it where appropriate.

    If you want something very well supported, not horribly difficult to administer in a simple environment and tried and true, just go with Active Directory and Exchange, especially if your company's focus is on something other than providing unique technology solutions. (i.e. you sell baskets)

    While the open source solution might cost less up front, there is nothing in open sourece land at present that can touch the Exchange/Outlook combination. Sure, there are products such as OpenExchange, but, let's assume that you want the option to easily add other services later on, such as true handheld synchronization (i.e. www.good.com)

    I know it can be sacrilege on Slashdot to not promote an open source solution every time, but sometimes, the business side of the house is more important than a cool technology solution.
  • Those all suck, get eDirectory, which rules.
    And it runs on linux.  And it's cheap!
  • I don't see why a solution based on OpenLDAP, MIT/Heimdal Kerberos and (if you really need it) Samba would be "cobbled together". Would you mind expanding on that?

    As I see it, each of these programs perfectly implements the standard it was designed for, and the directory service you get by combining them is just that: a directory service. It seems to be fulfilling the intended purpose perfectly.

    Is the "cobbled-togetherness" a result of them not being shrink-wrapped together into a product with a single

  • There are some things OSS is good at, and there are some things that Microsoft is good at. Exchange is one of them.

    Ask your business what its objectives for the new system are. Keep these in mind when you select products and design a solution.

    Now back to solution mode. You can have a minimal three site AD and Exchange system set up in less than a day from bare metal servers. As long as you have adequate bandwidth (about 64 kbit/s will do for minimal acceptable performance for 100 users), it just works. Just
  • One person who isn't sure what to do probably shouldn't be handling this on his own (I say probably on the off-chance that you're a competent genius, in which case you wouldn't have asked /.). What you really need to decide is if you want to do Windows or OSS, and then hire a good firm to implement the system and train the IT staff to use it.

    So call IBM.
  • Novell? (Score:2, Interesting)

    by sjs132 (631745)
    What, Just rule them out? They've been doing Active directory and groupware LONG before Microsoft decided to emulate (steal) the ideal...

    Novell 6.5 is the latest, and I can lock out users based on windows policies, etc.. just like MS active dir... assign various sub admins to rule over their own dept, etc... AND Groupwise (IMHO) is a great email/calender app... (Groupwise 7 is supposed to be better, but I haven't gotten to play with it yet...)

    AND they are starting to move everything over to Linux via SUSE L
  • by DorkFest (857124) on Monday September 19, 2005 @09:26PM (#13600958)
    We implemented Apple Open Directory, serving ~400 users, using four Xserves and and two Xserve RAID's. We're using Apple's mail services, file, web, web log, and VPN service.

    So far, things have gone better than I expected. We are authenticating Mac, Windows and Linux PC's, all of which can access the same home directory. The Open Directory master server also acts as the Windows PDC and serves up roaming profiles for Win XP clients.

    What I've been hounding my Apple rep about is the lack of a real group callaboration suite. The pieces are there; iCal, Address Book, Jabber, Cyrus/Postfix. They need to be brought together in an Exchange/GroupWise sort of fashion. We are still using Steltor Corporate Time (now Oracle Collaboration Suite) for calendaring, task lists, and shared contact lists. I'm watching the Hula project closely. Rumor has it Apple is shopping around for a comprehensive group collaboration system. Hula might be it! Zee dork
  • Anything but Novell (Score:3, Interesting)

    by sameat (690266) on Monday September 19, 2005 @09:30PM (#13600973)
    I'm afraid I can't help answer the initial question, but I have to caution you strongly regarding all of the suggestions for Novell products.

    I live the Novell dream everyday, and "cobbled together" would be a generous description of their products and services. This is a company with a time honored tradition of rendering promising technologies useless. They handed most of the market to MS on a silver platter.

    Before you consider Novell too seriously, look through the forums at forums.novell.com, be sure ask about your support options , and try to get a feel for the staffing and training required for a network of your size and scope.

    Stick with your inital instincts, just remeber that very few Novell products are actually Open Source.
  • I hate to say it but this is pretty darn good. If starting from scratch then this is easier than open source solution and cleaner and more integrated. Sharepoint brings together exchange, web stuff, calendars, share and individual todo lists etc in a fairly new and integrated way and is very fast. Underneath it's mostly the same Exchange and Active Directory stuff. We just rolled it out to 450 people over multiple sites and it was painless - just needs some design work up front for how to organise data.

    Nove
  • by ezs (444264)
    Don't confuse your application choice with your platform choice.

    Look at using Novell NetMail [novell.com] with Novell eDirectory.

    It's fast, cost effective, standards based, scalable - and it runs on Linux, Windows, Solaris - or even NetWare.

    For 100 users it will be just great.

    If you want open source - and depending on your acceptance of 'newness and risk' - look at Hula [hula-project.org] - again based on the NetMail codebase.

  • Mac OS X Server (Score:4, Informative)

    by Aron S-T (3012) on Monday September 19, 2005 @10:17PM (#13601214) Homepage
    Cheap - $1K for an unlimited server license, and the Xserves come with the license and are great performers in their own right and cost-effective.

    It has ease of use GUI goodness, with a full open source stack underneath: supports Open/LDAP directory services, single sign-on, kerberros, email, calendering (via WebDav), file services (via Samba for Windows and Linux), CUPS, Apache, DNS, Mailman - the list goes on and on. It plays extremely well in mixed environments and is extremely easy to administer - no steep learning curve.

    It's far cheaper than all the other alternatives, including Novell and RH, not to speak of Microsoft. And soon you will be migrating all your users to OS X boxen as well once you see all the advantages.

    I have done administration on all the other alternatives and I'm far from an Apple fanboy, so don't start flaming me on that score.
  • As this is my First! Slashdot! Post! Ever! (R), I'm hoping to avoid any crass errors in style or etiqutte..fortunately, based on some posts I've read over the years, there'a a pretty high bar. (Hopefully, smartass jokes are also OK.)

    I've done a lot of work with a range of customers on implementing and maintaining directory infrastructure, mainly centered around Lotus Domino and the IBM Directory Server. To start the shameless plug, I'll say that based on your criteria - directory services and a groupware/m
  • by morcego (260031) * on Monday September 19, 2005 @10:44PM (#13601330)
    I would not entirely discart Novell eDirectory.
    It is specially interesting on a mixed environment solution, and it does provide some interesting possibilities when coupled with Novell Client.

    The pricetag is also VERY attractive.
  • Stark and Clear? (Score:2, Insightful)

    by clarkeb (728725)
    What do you base your stark and clear choices on? Banyan was the first company to come up with directory services. Novell really took directory services to the next level when it came out with NDS and NetWare 4. Wow one place to manage users, servers, printers, file system, DNS and DHCP, pretty cool. Well, Microsoft not to be outdone started calling NT's domain a directory so that they could compete with Novell. Novell threatened to sue MS about the false information on the MS web site about NT's "directory
  • Novell is all-in-one (Score:3, Interesting)

    by digidave (259925) on Monday September 19, 2005 @11:08PM (#13601415)
    Their directory far surpasses AD. You can also look into Netscape Directory.

    For groupware, check out Zimbra (http://www.zimbra.com/ [zimbra.com]). The Flash demo is great.

It was kinda like stuffing the wrong card in a computer, when you're stickin' those artificial stimulants in your arm. -- Dion, noted computer scientist

Working...