Open Source X.500 Directory Projects?
DangerTenor asks: "The United States Government is standing up a Bridge Certificate Authority to enable PKI Interoperability between different agencies (gov't and non-gov't). The PKI currently relies on the use of either meta-directory products or X.500 DSP Chaining in order to pass certificates and CRLs between directories. OpenLDAP doesn't fit the bill because it doesn't support chaining. Does anyone know of open source projects focused on full X.500 directory implementation, or on meta-directory capabilities?"
ISODE/quipu (Score:4, Informative)
Most of this stuff comes out of and is maintained in Europe. As the RFC 1330 says, [zvon.org]
"The ISODE is not proprietary, but it is not in the public
domain. This was necessary to include a "hold harmless"
clause in the release. The upshot of all this is that anyone
can get a copy of the release and do anything they want with
it, but no one takes any responsibility whatsoever for any
(mis)use."
You can still find the latest downloads via FUNET [funet.fi].
Be aware, this stuff is a major effort to compile and get working. It's big and complex, but well documented. Have fun, and let me know when you get dish -user "@c=$(COUNTRY)@o=ORG@cn=Manager" to give you a prompt.
Re:ISODE/quipu (Score:1)
I figure X.?00 was wrong in '92, why should it be right today?
Sorry, not open source. But.... (Score:2)
-- Do you count? [li.org]
Porting the CAM to Linux? (Score:2)
Chaining in OpenLDAP (Score:1)
There's an old RFC... (Score:1)
There's an old RFC that discusses this very thing: RFC 2116 [roxen.com]
It's from '96, so it's probably incredibly out of date, but it might be a good place to start?
Other problems (Score:3)
A much larger problem with OpenLDAP is scalability. OpenLDAP will not handle a large number of entries (+100k). OpenLDAP is a reference implementation of the LDAP RFCs and I don't think Kurt plans to complicate the implementation with what's required for scalability (connection pooling etc.).
The only usable X.500-compatible directories other than OpenLDAP are all closed-source. Many are free though. I'd recommend taking a look at IBM Directory and Novell's eDirectory. There is much more involved in getting a directory environment going and, having worked on Linux directories for IBM, I would of course recommend that you outsource to experts to get things going.
APPLE ? (Score:2)
have a look at
http://developer.apple.com/darwin/projects/open
I don't think it's X.500 but they might have a plugin
regards
John Jones
Re:APPLE ? (Score:2)
OpenDirectory is more akin to ADSI in that it is an abstraction for accessing resources within a directory. It still relies on OpenLDAP for X.500 directory stuff.
While not really announced yet, there's been a lot of talk about future integration of various components to create a much better open source directory services offering. Keep an eye on Samba and IBM in the future.
Re:Other problems (Score:1)
Tested.
If you need help getting more than 100k entries, I'm sure something could be arranged for a consulting fee.
You might be SOL (Score:1)
Novell and iPlanet both sell working directory servers, but I don't know how well they support PKI, although I do know iPlanet supports SASL.
In any event, consider that there may not be a solution in this case. You are talking about a very specialized field with an audience which is corporate almost by definition.
LDAP standards are going the X500 way (Score:1)