Searching for a Directory Service Solution?
kumulan wonders: "I've got the responsibility to set up directory services as well as a messaging/groupware system for my organization of approx. 100 employees spread out over three locations. We are a startup that is merging three existing smaller companies and, given the state of existing IS infrastructure at each of these locations, the decision has already been made that we are better off starting from scratch. It would be great to hear from Slashdot readers concerning which option is 'better' and why."
"For me, the choices are stark and clear:
- MS Exchange/Active Directory
- A cobbled-together solution based as much as possible on OSS (as no direct equivalent exists).
  - Samba/OpenLDAP/Kerberos
  - Bynari Insight Server for messaging/groupware.
  - Nitrobit Group Policy for, you guessed it, group policy management."
Easy. (Score:5, Insightful)
I forget who said it but "OSS is free like a puppy is free". You need to have the staff to tend to the care and feeding. In the Detroit area at least, Windows guys are a dime a dozen. Competent Windows guys, while a bit more rare, are still easier to find than experienced Linux admins. (Of course, I'm looking at your question from a business consulting standpoint. If you're looking more for a technical recommendation, there's a lot more people here better qualified than me.)
Re:Easy. (Score:5, Insightful)
Sure, it may require a fine tooth comb and/or training to get some qualified Linux guys on board, but I doubt that compares with the expense of purchasing the Microsoft solution.
Re:Easy. (Score:5, Interesting)
And it's not as cheap and easy to get quality techies as you might think. Putting your existing staff through a boot camp is only the tip of the iceberg expense-wise, and it's a very inefficient solution.
Re:Easy. (Score:2)
A lot of techies forget that technical and business interests sometimes conflict. In such cases, business interests always need to be given a greater priority.
Re:Easy. (Score:2)
Re:Easy. (Score:2)
What I mean by this is if you're on some SA plan or Open license (I deployed quite a few MOLP), and you wanted Office AND Exchange, you still had to buy the Standard Office Suite AND Exchange CALS so you ended up buying licenses for Outlook twice.
Now you can look at that a couple of ways. You buy an Exchange CAL and you get access to it (
AD is no silver bullet (Score:3, Interesting)
We just had Active Directory rolled out here. Our performance problems were so bad we had to hire Microsoft consultants to try and figure it out - and these people from the company that makes the product took over a month to actually come up with a solution that ran only half as quickly as our old Novell system. Admittedly, it's a much bigger system than 100 users (and
SunONE Directory Server (Score:3, Informative)
In case you're not familiar with MMR, think about your normal scenario. Maybe you have 1 master server and 2 slaves, one for each physical location. With MMR, you quite literally have 3 master servers, all of which can be updated and will push the changes to the others. This means no more worrying about losing
Re:SunONE Directory Server (Score:3, Informative)
What that means is that you don't tie up your WAN link with unnecessary directory traffic sending sync messages when they aren't necessary.
What I find amazing is that people just reject eDirectory too often because it is from Novell. It is fully LDAP v
Re:Easy. (Score:5, Insightful)
MS's newest/latest/greatest has a large learning curve as well. Your old MCSE who knows Windows Domains will have just as much trouble learning Active Directory as he would have learning Samba 3.
I've trained MCSEs in open source technology - about 50% do just fine. The others were paper MCSEs and sucked at Windows too.
Re:Easy. (Score:2, Insightful)
I've trained MCSEs in open source technology - about 50% do just fine. The others were paper MCSEs and sucked at Windows too.
Ok, so you're saying techies trying the latest and greatest without any training fail more often than the users who received your training in OSS solutions? So, obviously, the parent s
Re:Easy. (Score:5, Insightful)
A good tech should not be afraid of discovering and learning any system he or she might put their hands on, because part of being a good tech is learning how to keep your mind open and troubleshoot a problem. It doesn't matter if the problem is Windows, Linux, or a coffee maker -- you use the tools that you have to do the best job you can.
I am a programmer for a living, but I also do double time as a technician. I am just as comfortable configuring Windows Server 2003 as I am with Novell Netware 6.5, or any flavor of Linux. I don't see it as my job, or my passion, to devote myself to one platform. My job is to help people with computers and give them advice on what solution works best for them. Of course, I have a primary area of expertise, but that doesn't stop me from learning on my own.
Re:Easy. (Score:4, Insightful)
This is probably true for new guys learning an in-place system or a few new systems added to the familiar core network, but far less true for a bunch of newbies (to the system in question) trying to design something good from scratch.
A good ADS guy will know how to design a good forest, he'll know how to acquire and install the necessary patches, he'll know how to set up a secure system and he'll know the quality sources of help when he needs them. He'll know which built-in and third party utilities will save his bacon and he'll know what to check on if stuff stops working.
The only thing that will teach an MS guy how to do all this with Open Source is experience. The only way he'll get that is with a bunch of time working with the products in question.
In other words, it's dangerous as hell to trust your brand new network with a bunch of noobs. Even if they're very bright noobs who will catch on quickly, you take quite a risk while they're doing the catching on. Put a bunch of these guys under a couple of experienced people and they'll likely do ok with the new network, but if you don't have that experience on hand you're begging for trouble if you uproot a known system and throw a bunch of new stuff in to replace it.
TW
Re:Easy. (Score:2, Informative)
As for a groupware solution, I currently use egroupware ( http://egroupware.org/ [egroupware.org] ), which is fairly mature, can authenticate to LDAP, and can be used both over the web and through
Re:Easy. (Score:5, Interesting)
As far as admins go, studies have shown that unix admins on average maintain more servers per admin than windows admins. You may be able to do with one unix admin as opposed to two windows admins.
Windows machines as a rule run fewer services per machine than unix machines do. This means more servers, which means more servers to patch, keep up to date, back up, and admin.
Finally, the perennial problem of backups and bare metal recovery. This is trivial in unix but costs thousands if not tens of thousands of dollars for windows.
There is a lot to think about. Just saying I have used windows XP before so I can maintain an active directory/exchange environment is plain old stupid.
Re:Easy. (Score:4, Insightful)
I worked at Major Software Company in the Bay Area (tm), and their LDAP/Kerberos/Jabber/SMTP infrastructure worked very well, but of course, there were armies of admins to make things run smoothly. It was not without hiccups - but most if not all of the hiccups were minor (failed hard drives, etc.) and remedied within 20 minutes.
My vote is for LDAP. You can do so much with it - authenticating users on your web apps is a cinch, directory lookups are easy, it integrates with every piece of mail client software, and it's free. Just my $.02.
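An added example, not part of the comment above or of any product named in this thread: two checks a web app's LDAP login needs before it talks to the directory, namely RFC 4515 escaping of the user-supplied name in the search filter and refusing an empty password, which RFC 4513 treats as an unauthenticated bind that some servers answer with success. The attribute `uid`, the object class `inetOrgPerson` and all function names are assumptions chosen for illustration; no network calls are made.

```python
"""Input handling for an LDAP-backed web login (added example, no network I/O)."""

# RFC 4515 section 3: these characters must be written as \XX (hex) when they
# appear inside the value part of a search filter.
FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


class LoginRejected(ValueError):
    """Raised when a login attempt must not be sent to the directory."""


def escape_filter_value(value: str) -> str:
    """Escape one assertion value so it cannot alter the filter's structure."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(username: str, attr: str = "uid",
                      object_class: str = "inetOrgPerson") -> str:
    """Build the search filter used to locate the user's entry.

    attr and object_class are assumptions; a real deployment uses whatever
    its schema defines (for example sAMAccountName on Active Directory).
    """
    return f"(&(objectClass={object_class})({attr}={escape_filter_value(username)}))"


def precheck(username: str, password: str) -> None:
    """Reject attempts that must never reach the bind step."""
    if not username or len(username) > 64:
        raise LoginRejected("username missing or too long")
    if any(ord(ch) < 0x20 for ch in username):
        raise LoginRejected("control character in username")
    # RFC 4513 section 5.1.2: a simple bind with a DN and a zero-length
    # password is an "unauthenticated bind". A server that allows it returns
    # success without checking anything, so the client refuses it up front.
    if password == "":
        raise LoginRejected("empty password refused")


def select_bind_dn(found_dns: list) -> str:
    """Require exactly one matching entry before binding as that DN."""
    if len(found_dns) != 1:
        raise LoginRejected(f"expected 1 matching entry, got {len(found_dns)}")
    return found_dns[0]


def plan_login(username: str, password: str) -> str:
    """Run the pre-checks and return the filter for the search step."""
    precheck(username, password)
    return build_user_filter(username)


if __name__ == "__main__":
    # Constructed sample inputs.
    print(plan_login("alice", "correct horse"))
    print(build_user_filter("*)(uid=*"))
```

The bind itself (search with the returned filter, `select_bind_dn` on the result, then a simple bind as that DN over TLS) is left to whichever LDAP client library the application uses.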
Re:Easy. (Score:5, Informative)
IBM has directory services.
Sun has directory services.
Novell has directory services.
My thoughts:
- the problem with IBM's directory is that it sits on top of DB2. This abrogates one of the coolest parts about directories - that you don't need a DBA. And a mistuned IBM directory is an ugly, ugly thing.
- the Sun/Netscape/iPlanet/SJSDS-whatever-they-call-it-
- Novell - well if you are a Novell shop, you will use NDS. You will use everything else Novell has. It is sort of like joining a secret cult.
- OSS - I would consider this an advanced option. My suggestion is, if you know nothing about directory services, that you would be better off with something a little more... packaged. I'm sure many here will rabidly disagree with me, but I certainly would consider that choice as risky. A second issue is that many LDAP-enabled products that you may wish to run on top of your directory layer (provisioning, WSSO, etc) only support commercial directory servers.
- Microsoft - well, you're probably going to have to install this one anyways, in order to get a LAN. Although I'm a unix chick at heart, I must admit that I have seen many well-run AD directories. If you aren't already in the UNIX world for any good reason, AD is probably a logical direction. Many many companies have cut their directory services teeth this way. The disadvantage is that your Enterprise Directory is also your NOS, which can be a pain from a licensing perspective, if you want to store authentication-only users as well.
FWIW, hope that helps...
Re: (Score:2)
Re:one caveat (Score:5, Informative)
AD does not scale well. Senior Mgmt wanted to move from eDirectory to AD due to some price breaks on desktop os and MSOffice for over 50000 employees... so we made the attempt with Microsoft in house providing consulting services... they eventually admitted even they couldn't get it stable in our large distributed environment... during the one year migration troubleshooting process we had contractors restarting servers in hundreds of locations around the clock.
We're now back on Novell eDirectory with Open Enterprise Server and stable again.
Re:one caveat (Score:4, Insightful)
You obviously haven't worked with the management I have. Most decisions seem to be made based around golf buddy opinions rather than technical superiority.
Re: (Score:2)
Re:Easy. (Score:2)
Microsoft Exchange was mentioned, so you may be looking for something like Oracle's Collaboration Suite which, like Microsoft Exchange and Microsoft's Active Directory, features a Directory, Calendar, Tasks and Email system.
100 users is a very small implementation, but even at these low figures you'd probably be surprised to find out that a market leader such as Oracle can provide a system that is actually much cheaper than Microsoft's!
To be honest, if you can avoid locking
Re:Easy. (Score:2)
"The disadvantage is that your Enterprise Directory is also your NOS, which can be a pain from a licensing perspective, if you want to store authentication-only users as well."
Other disadvantages include cost, vendor lock, increased maintenance, and inability to interoperate.
Finally I would also look at oracle, they too have a directory and an excellent groupware system which in many ways is superior to exchange.
Easy: Novell (Score:5, Insightful)
Not true, you can use Novell's NDS (eDirectory, the LDAP server software) right on top of Linux, Unix, or Windows. The admin tools are almost all Java based or otherwise accessible so you aren't locked in there (clients and management tools for Linux, Unix and Windows). Novell can manage the rights, er permissions, er privileges for clients of any flavor (because a directory services solution is about managing the resources on the network) - and has less bloat and more security than Active Directory.
Novell is my choice hands down. It isn't the nightmare product it used to be. Quite flexible, scalable and for all intents and purposes "open". This product actually follows standards! In my experience it also prices cheaper for clients than Active Directory, although you never know because I'm sure it has changed.
The person who asked this question initially said that the only other option to Active Directory was "A cobbled-together solution based as much as possible on OSS (as no direct equivalent exists)".
This simply isn't true. There is eDirectory and it's better! [novell.com] (PDF) Wake up people! It's 2005 and there is a better option out there and to top it all off they are a Linux company [suse.com] too.
Maybe not so easy. (Score:5, Informative)
Anyways, let us examine the different components and see how far OSS can take us. Maybe it can't go the whole journey, but if it can do some, then a hybrid solution will work.
Open Groupware [opengroupware.org], SuSE's Open Exchange [novell.com] and OSER [freshmeat.net] will handle the Exchange part, including support for all those MS Exchange clients, such as Outlook.
That just leaves the Active Directories part. ISC's DHCP [isc.org] supports Dynamic DNS. However, you may want to add in DHCP2LDAP [netfoo.org] to get a good link between DHCP and BIND. OpenLDAP [openldap.org] provides the LDAP implementation part. Kerberos [mit.edu] and DNS [isc.org] are easy (although some may quibble with my choice of Kerberos version!)
Provided you're not planning on having both MS Active Directory and the above amalgam running, you should then be set to go with a comprehensive Active Directory lookalike which will interact with client systems in the same way Microsoft's software will.
The problem I found is that there's almost no way of getting from a Linux solution -to- Active Directory. If AD is present, it must be a root server, which Linux CAN pull from.
Do I recommend this kind of a setup? Probably not. The Exchange and Groupware stuff should be fine, but the Active Directory stuff isn't as coherent as it could be and I've heard of nobody who has completely replaced AD with an Open Source solution, even though from a purely technical perspective it should be possible.
Re:Maybe not so easy. (Score:5, Informative)
http://www.apple.com/server/macosx/features/opend
Good ol' Apple.
Darwin, *BSD, Linux, various Unixes. Builds with GCC and source is available under Apple's OpenSource license.
Redhat's RHDS, available on subscription for RHEL3 and RHEL4, is another. Based on Netscape Directory Services. That's mostly available under the GPL now, called Fedora Directory Server.
http://directory.fedora.redhat.com/ [redhat.com]
Personally my favourite has been eDirectory. It may not be opensource or even free, but the little you do pay for it is definitely worth the product. Anyone skipping over it is either deliberately obtuse or just plain ignorant. Especially if they're willing to pay for Active Directory and all the costs that go with it (including licensing, security and maintenance/administration) while receiving a far inferior product.
Ultimately, Ask Slashdot is the worst place for the original poster to ask this kind of question. They need to sit down with people from various companies and vendors to get an idea of all available products. Many will happily discuss the requirements and work together with you to find the best solution, not just sell you a solution from a preferred supplier.
Ask various engineering places in the district to submit RFPs based on requirements you set. It doesn't have to be a multi-million dollar contract to get many interested. Companies are starting to really take notice of the SME market nowadays. Ultimately they have to.
En abyme (Score:3, Funny)
3. Mac OS X Server (Score:5, Insightful)
Re:3. Mac OS X Server (Score:3, Insightful)
Re:3. Mac OS X Server (Score:2, Informative)
Well, it's a bit more than that. With a few button clicks you can have a fully functioning Directory Service with OpenLDAP and Kerberos. You get password policies, single sign on for everything from mail to smb to web, and you even get a one click samba pdc.
The only thing it lacks is the groupware support. Firstclass or any
Re:3. Mac OS X Server (Score:5, Informative)
Open Directory [apple.com] covers a lot more than LDAP. Yes, it's based on OpenLDAP -- in part. Yes, there is a nice GUI, which you can use to administer users and groups remotely, from another Mac OS X machine.
But there's also MIT Kerberos, integrated with the LDAP. When you create a user in Open Directory, the necessary Kerberos principals are created for that user. User identification (linking usernames with Kerberos principals and home directories) happens automatically.
But wait, there's more -- there's also the Apple Password Server, which is based on the SASL layer from CMU. This provides centralized, non-Kerberos password support, for things like CRAM-MD5 authentication, or NTLMv2 auth for Samba. The Password Server passwords are automatically synchronized with the Kerberos passwords. When you change a user password in the KDC the corresponding password is also changed in the Password Server or vice versa.
Still not happy? How about built-in replication support for load-balancing and high availability? It covers not only the LDAP database via slurpd but also the Kerberos and Password Server databases.
Oh, and one more thing -- encrypted archiving built in to the GUI. Archive your entire set of LDAP user information and your password database to an encrypted disk image. Secure and convenient.
(Yes, I work for Apple -- but the parent post misses most of the good parts.)
--Paul
Re:3. Mac OS X Server (Score:4, Informative)
And yes, I'm on the OpenLDAP core team, and I wrote a lot of the code that makes Heimdal, OpenLDAP, and Cyrus SASL play together. It's been working well in the field for years. And for those people who have trouble getting configure scripts to connect everything the way they want, my company Symas Corp. offers pre-built binaries of all of these packages, already integrated, ready to run.
Other options? (Score:5, Interesting)
Re:Other options? (Score:5, Informative)
Just because something doesn't get a lot of press doesn't mean it's gone.
That's what I thought. (Score:5, Informative)
I don't know about cost. We have their educational license, and that includes Netware and 3 other products (we use Groupwise, ZENworks and iFolder) for less than $3.50 per student. The license covers as many servers as we care to run those products on.
Look at OpenExchange (Score:5, Informative)
Seems competitively priced to Exchange and there's also a free pure OSS version available (although if you want official support and a nice installer, you need to pay for it).
http://www.openexchange.com/ [openexchange.com]
I haven't personally used it, but I've been looking at it as an Exchange alternative (I really really hate exchange) for the small company where I work.
Re:Look at OpenExchange (Score:2)
The LDAP datastore is kept separate from the rest of the data (which is in Postgres), and I've heard of some problems with "LDAP clients", like Evolution, which can't write Contacts to the server. Which allows those Contacts to get out of sync with Contacts enter
The client is called OXLook... (Score:2)
Don't know how long that will last and I imagine it's not part of the OSS suite.
I haven't used it but would like to do some testing with it at work. For more general directory type support (domain controller, etc) I'd look at Suse LINUX Enterprise Server with their Novell Open Enterprise [novell.com] (sorry, that's a PDF). It uses Samba and LDAP, but it's the closest thing to a usable AD "killer" I've seen so far.
Re:Look at OpenExchange (Score:2)
STOP.... (Score:4, Insightful)
W2K3.
Just shut up, buy it and be done with it. It'll hook up with whatever you're running and it is fine as long as you take the same precautions any decent Sys Admin would.
Re:STOP.... (Score:2, Insightful)
Exchange, I'm not so sold on, but it works and is well documented enough that you can do most of the things with it that you will want.
Re:STOP.... (Score:4, Interesting)
It might still be that W2k3 is the right tool, but please, have your information straight!
Re:STOP.... (Score:2)
WTF?
Re:STOP.... (Score:2)
Re:STOP.... (Score:2)
Re:STOP.... (Score:3, Informative)
Can't touch this! (Score:2)
Yes, but don't you want your directory server to interoperate with other systems? Isn't that the whole point? I'm half joking, but half serious as well; one of the main gripes I have with AD is the lack of customization that one can perform with it. It's great when you want to integrate it with Microsoft Remote Access or Microsoft SQL Server or any of a dozen other Microsoft products, but try getting it to authenticate against opensource P2PP/PP
Mod parent hilarious (Score:2, Insightful)
Myself being a decent Sysadmin, I can tell you my first priority is always to banish MS products to the extent possible. It takes time, but if you're starting from scratch this is an excellent opportunity to avoid future problems.
Start by NEVER running anything mission critical under MS - especially a directory service.
Continue by banning Internet Explorer companywide, and finish by
Don't get me wrong; MS Windoze does have
Re:Mod parent hilarious (Score:2)
Grow up. Is linux/OSX better than windows in some ways? Sure. How about you learn to prove a point without senseless bashing though?
People might care when you talk like you know what you're talking about.
Senseless flaming and trolling comes at a dime a dozen.
Re:STOP.... (Score:2, Interesting)
STOP.... (Score:4, Funny)
There are Other Options (Score:5, Informative)
Novell:
Linux Small Business Suite
http://www.novell.com/products/linuxsmallbiz/ [novell.com]
It includes eDirectory, GroupWise for email, SUSE Enterprise Server, Novell ZENworks Linux Management Client
IBM (Lotus)
http://www.lotus.com/lotus/general.nsf/wdocs/nd7c
You can use Domino as an ldap server.
Other IBM Software on Linux:
http://www-306.ibm.com/software/os/linux/software
or
http://www-1.ibm.com/linux/matrix/ [ibm.com]
Re:There are Other Options (Score:2)
I (along with one other admin) support around 9000 mailboxes for a F500 on Domino 6.5 on Linux. We still have plenty of time for other projects. Exchange is easier to set up, but Domino is far easier to keep running. (try manipulating messages in an active mail queue in Exchange.)
The major complaint about Domino is the unappealing client. I happen to like it, but
Novell NDS (Score:3, Interesting)
Another Consideration (Score:5, Insightful)
If the company is trying to do something geeky-cool, you may be best served by using a "cobbled-together" open source architecture. It'll show your boys' and girls' prowess on the console and could be used as a Hercules-on-a-pedestal showcase for your talents.
On the other hand, in either of the other two cases, you're most likely going to be using MS on the desktop and your people aren't going to care that you've implemented OpenLDAP as long as their Word, Excel and Outlook work. In this situation, as has already been noted, you'd probably be best served by implementing Windows Server 2003 + Active Directory. An additional benefit is the expertise is relatively cheap and available, and may already be in-house with your amalgamated IT staff.
Good luck!
Re:Another Consideration (Score:4, Insightful)
Or there very likely isn't an IT staff, amalgamated or not. Three companies that join to form 100 employees, with poor infrastructure, typically means one company of 50 employees and a "Windows admin/something else" and two companies of 25 employees each that paid somebody to set up their networks five years ago and have since just watched it deteriorate.
It sounds like the inquisitor is about to inherit a huge mess without necessarily the skills or resources to deal with it. If that's the case, I'd suggest taking a long-term approach:
1) Decide who will manage the network (this is a full time job),
   A) if it's you, then
      i) choose what you're most comfortable with, else
   B) if it's not you, then
      i) put an ad in the employment section, outlining your requirements in a non-specific way, contact outsourcing firms, and take applications.
You may be surprised at what you get. Linux and Open Source can save a ton of money and hassle long term, especially when implemented from scratch, but you have to know what you're doing. If you don't know or aren't sure, get help. A company of 100 employees can easily justify having two admins, especially when combined with the savings Linux and OSS are capable of.
Re:Another Consideration (Score:5, Interesting)
Cost is definitely a major factor here.
While going the W2K3 route would be easy and very functional, one has to take into account the cost of the eventual [forced] upgrades. A company of 100 folks probably isn't turning a wild profit in terms of real money, and what money there is will undoubtedly get funneled into R&D or advertising or SomethingOtherThanITInfrastructure. This is where the long-term cost savings on a "cobbled" solution will pay off handsomely.
The decision is best made right now.
Re:Another Consideration (Score:3, Interesting)
Troll?
I dare that coward asshat who modded me troll to come out from under his/her rock and prove the honesty of that mod.
I guess that person never heard of the "Software Assurance" program from Microsoft that forces upgrades every two years (with the alternative being a highly-inflated upgrade price whenever one is eventually required to upgrade). Everything else I said comes directly from my decades of personal experience in administering Microsoft and Unix/Linux (as well as Mac) networks.
I've got
Re:Another Consideration (Score:3, Insightful)
Software Assurance is not mandatory. There are quite a few companies (probably the majority) who don't use SA. Mine doesn't. Upgrades are still cheaper than buying new, but most companies aren't all that keen on constantly upgrading, and the ones that are will go with SA. Most companies buy new hardware, and buy it with an OS and applications they will need. The hardware runs and
Re:Another Consideration (Score:2)
But will the "cobbled" solution scale properly when the company of 100 folks becomes a company of 5000 folks distributed worldwide? Unplanned-for growth can be messy in "cobbled" systems, and if you take the time to develop a solution that will grow well, then you might be devoting too many resources to the IT infrastructure.
Also, in a company of 100 folks, how many will be in the IT department? What will happen when
Fedora Directory Server (Score:4, Interesting)
Regards,
Steve
Roundcube... holy crap Batman, that's awesome! (Score:2)
Damien
If you end up going OSS... (Score:2)
NDS (Score:3, Informative)
You can check out the documents here [redhat.com]
Re:NDS (Score:2)
I, too, can vouch for the Sun ONE Directory Server. I use it to handle authorization for various websites (which also use the Sun ONE applet server) as well as the email security for a couple of start-ups. Postfix and Courier work very well with it.
I one day hope to test the scalability...
Novell (Score:5, Informative)
1. Directory Services: eDirectory. It runs on multiple OS platforms such as Windows, Linux, NetWare, Solaris, etc. It is more robust than AD, particularly across WAN links (viz. replication). And of course it is LDAP v3 compliant so nearly any LDAP client can use it for authentication and authorization.
2. Open Enterprise Server, Linux and NetWare. For hosting your file and print services. You get the best file system out there - NSS - on either platform. Real ACLs and vastly more refined trustee assignment and inherited rights filtering capabilities than any other filesystem.
3. Groupware/Messaging: I am less experienced in the alternative offerings in this category, but I believe that Novell has a decent product in GroupWise 7, which runs on Windows or Linux or NetWare.
Again I don't know what your selection criteria are, but you may have skipped Novell due to lack of awareness...
Cheers.
XAD (Score:5, Informative)
Try XAD [padl.com] from PADL.
To Windows clients, it acts as an Active Directory domain controller, so it supports Kerberos authentication, group policies, etc. It also includes RFC 2307 support for seamless integration of Linux/UNIX clients.
Try Solaris (Score:3, Informative)
cobbled-together? (Score:5, Informative)
Also, there are some really great LDAP/IMAP type solutions you can put together under Linux for zero cost. Obviously this option requires someone more capable than your typical point-n-click "MS-Admin". It would take one employee with the ability to read a book or some docs. Though, I know your typical point-n-click "MS-Admin" wants to be able to just put in a CD and let AUTO-RUN do all the "hard" work for them.
If I personally owned a small company with ~100 employees, I would rather have one talented admin that could handle *nix/Win than 2-3 point-n-click MS "admins". If you added up the salaries, that one guy would cost you less than the 2-3 less capable point-n-click MS "admins". TIJMO (This is just my opinion).
Re:cobbled-together? (Score:2)
Re:cobbled-together? (Score:2)
Re:cobbled-together? (Score:2, Informative)
Which version of NetWare are you on?
The college I went to a number of years ago used NetWare (and still does) and it works very well for them.
At work we have edir and AD integrated, edir being the main directory. I mostly work with HPUX/AIX/Linux but have done a little NetWare stuff in the past. I don't know about current QA at Novell but we don't seem to have many issues that I can
Re:cobbled-together? (Score:2)
Meanwhile you have 3 monkeys running a network. I wonder who's safer and most productive?
Re:cobbled-together? (Score:3, Insightful)
This is exactly why so many small businesses fail. A sole proprietorship (SP) where the owner is in an accident or gets sick and can't work or an SP with an owner who can't do it all. Great tech but a crappy marketeer, or good salesman but lousy time management or poor quality work. An LLC where one person brings in 80%, and then that person leaves, gets sick, d
Fedora Directory Server? (Score:5, Informative)
Why, again? (Score:3, Interesting)
Bynari / Samba - Win-win scenario (Score:2, Informative)
I do some implementation projects for an IBM reseller who does implementations on the iSeries platform, and they push (and I implement as the consultant, go figure) a lot of Samba + Bynari to the point that I was actually convinced myself and bought myself a few lics for Bynari.
The nice part about Bynari is that they have great support, and they are continuously improving their product, and they use open technologies (OpenLDAP/Cyrus/Postfix) so it's easily hackable. The Outlook IMAP connector rocks, and so
Novell (Score:3, Informative)
I'm going to a Zenworks 7 thingy on Wednesday
it's not just about OSS and Windows
How do you get email addresses into a directory? (Score:2)
What puzzled me was how to get information into the directory. Say I receive an email from bob@sub.genius, and he is not in my directory. All the common email clients seem able to consult a directory, such as an LDAP server, but none seemed
Scalix + OpenLDAP (Score:2)
Do you have Windows desktops ? (Score:5, Insightful)
Added to that, it's not especially difficult getting Unix machines to talk to AD for authentication and other information (it's just LDAP, after all).
It's a hell of a lot easier to integrate and manage a handful of unix machines in a Windows environment than it is to integrate and manage a hundred Windows desktops in a unix environment. IME, that's typically the scenario (unix servers for mail, fileserving, DB, etc and Windows desktops).
Novell's/Suse's SLES 9 (Score:3, Interesting)
If you need to control Windows Clients simply create custom Policies for Microsoft's System Policy Editor (or use mine at my web site).
I have currently replaced 5 Windows Servers with SLES9 and have not had a single problem. IMO it is much easier to maintain/use than anything MS has released in the server department.
Active Directory and Exchange (Score:5, Insightful)
If you want something very well supported, not horribly difficult to administer in a simple environment and tried and true, just go with Active Directory and Exchange, especially if your company's focus is on something other than providing unique technology solutions. (i.e. you sell baskets)
While the open source solution might cost less up front, there is nothing in open source land at present that can touch the Exchange/Outlook combination. Sure, there are products such as OpenExchange, but, let's assume that you want the option to easily add other services later on, such as true handheld synchronization (i.e. www.good.com)
I know it can be sacrilege on Slashdot to not promote an open source solution every time, but sometimes, the business side of the house is more important than a cool technology solution.
eDirectory (Score:2)
And it runs on linux. And it's cheap!
"Cobbled together" (Score:2)
As I see it, each of these programs perfectly implements the standard it was designed for, and the directory service you get by combining them is just that: a directory service. It seems to be fulfilling the intended purpose perfectly.
Is the "cobbled-togetherness" a result of them not being shrink-wrapped together into a product with a single
Just go with Exchange / AD (Score:2)
Ask your business what its objectives for the new system are. Keep these in mind when you select products and design a solution.
Now back to solution mode. You can have a minimal three site AD and Exchange system set up in less than a day from bare metal servers. As long as you have adequate bandwidth (about 64 kbit/s will do for minimal acceptable performance for 100 users), it just works. Just
Hire a good consultant. (Score:2)
So call IBM.
Novell? (Score:2, Interesting)
Novell 6.5 is the latest, and I can lock out users based on Windows policies, etc.. just like MS active dir... assign various sub admins to rule over their own dept, etc... AND Groupwise (IMHO) is a great email/calendar app... (Groupwise 7 is supposed to be better, but I haven't gotten to play with it yet...)
AND they are starting to move everything over to Linux via SUSE L
What's missing from Apple (Score:3, Interesting)
So far, things have gone better than I expected. We are authenticating Mac, Windows and Linux PC's, all of which can access the same home directory. The Open Directory master server also acts as the Windows PDC and serves up roaming profiles for Win XP clients.
What I've been hounding my Apple rep about is the lack of a real group collaboration suite. The pieces are there; iCal, Address Book, Jabber, Cyrus/Postfix. They need to be brought together in an Exchange/GroupWise sort of fashion. We are still using Steltor Corporate Time (now Oracle Collaboration Suite) for calendaring, task lists, and shared contact lists. I'm watching the Hula project closely. Rumor has it Apple is shopping around for a comprehensive group collaboration system. Hula might be it! Zee dork
Anything but Novell (Score:3, Interesting)
I live the Novell dream everyday, and "cobbled together" would be a generous description of their products and services. This is a company with a time honored tradition of rendering promising technologies useless. They handed most of the market to MS on a silver platter.
Before you consider Novell too seriously, look through the forums at forums.novell.com, be sure to ask about your support options, and try to get a feel for the staffing and training required for a network of your size and scope.
Stick with your initial instincts, just remember that very few Novell products are actually Open Source.
Win2003 with Sharepoint (Score:2)
Nove
Novell? (Score:2)
Look at using Novell NetMail [novell.com] with Novell eDirectory.
It's fast, cost effective, standards based, scalable - and it runs on Linux, Windows, Solaris - or even NetWare.
For 100 users it will be just great.
If you want open source - and depending on your acceptance of 'newness and risk' - look at Hula [hula-project.org] - again based on the NetMail codebase.
Mac OS X Server (Score:4, Informative)
It has ease of use GUI goodness, with a full open source stack underneath: supports Open/LDAP directory services, single sign-on, Kerberos, email, calendaring (via WebDav), file services (via Samba for Windows and Linux), CUPS, Apache, DNS, Mailman - the list goes on and on. It plays extremely well in mixed environments and is extremely easy to administer - no steep learning curve.
It's far cheaper than all the other alternatives, including Novell and RH, not to speak of Microsoft. And soon you will be migrating all your users to OS X boxen as well once you see all the advantages.
I have done administration on all the other alternatives and I'm far from an Apple fanboy, so don't start flaming me on that score.
Some tips and a little more on Lotus Domino (Score:2, Informative)
I've done a lot of work with a range of customers on implementing and maintaining directory infrastructure, mainly centered around Lotus Domino and the IBM Directory Server. To start the shameless plug, I'll say that based on your criteria - directory services and a groupware/m
Novell eDirectory ? (Score:3, Insightful)
It is especially interesting in a mixed environment solution, and it does provide some interesting possibilities when coupled with Novell Client.
The pricetag is also VERY attractive.
Stark and Clear? (Score:2, Insightful)
Novell is all-in-one (Score:3, Interesting)
For groupware, check out Zimbra (http://www.zimbra.com/ [zimbra.com]). The Flash demo is great.
Re:You want to save money? (Score:3, Funny)
Re:I know! I know! (Score:3, Insightful)
Re:Oh jeez...here we go with OSS again (Score:2)
For small scale, less than 50 users, MS is very common. For large scale, more than 50, it doesn't scale well. The interdependencies of what are functionally very different parts of the system (user authentication, file services, DNS, email, calendar, etc.) just don't work well in a large shop based on Microsoft. And the licensing costs are prohibitive at the medium scale, unless you've got an educational dis