Jackson Shaw window shops the Red Hat Directory Server and doesn’t like what he sees:
Would I pay for an LDAP directory server today? No, I wouldn’t. I’d either go with OpenLDAP, ADAM or deploy an actual Active Directory domain controller (not free, but at ~$800 or less for unlimited users…) because I’ve talked to customers that have deployed >million user directories with each of those choices, they have vibrant user communities, are supported (vendor or community) and are technically sufficient for almost every purpose. I think if I was a small business with 500-2000 users I’d be looking at using a free solution, too – $10/user is just too much for a piece of history.
I agree with Jackson, but I can see one segment that would pay for this. If you had a Linux only infrastructure but wanted to have a vendor supported LDAP server then I suppose you would be willing to pay for it. But I really can’t see this as a robust market to build and maintain a product for.
I remember talking to an IT group that maintained a ~200K entry commercial LDAP server back ending a customer portal. They were going through a painful and time consuming data scrubbing exercise because they only had a 200K license and had been told they couldn’t buy more. I suggested moving to OpenLDAP or ADAM but they wouldn’t even consider it. Go figure.
7 responses so far ↓
Jackson Shaw // May 30, 2008 at 1:56 pm |
Jeff – I forgot to mention ApacheDS in my blog post as a viable option. It is.
Prediction: OpenLDAP goes the way of the Do-Do bird to be overrun by ApacheDS. The Apache guys have their act together and are truly thinking both innovatively and strategically.
Best,
Jackson
Throwing the red hat into the ring « Identity Blogger // June 21, 2008 at 9:16 pm |
[...] June 21, 2008 · No Comments RedHat has joined the list of OS vendors that feel that Identity Management is a key offering. They have acquired Identyx, a provider of open source IdM products. This fits nicely with their existing directory server product (which Jackson Shaw and I commented on earlier, here and here). [...]
Howard Chu // June 28, 2008 at 6:59 pm |
Jackson: With a prediction like that you obviously aren’t paying attention to either the OpenLDAP or ApacheDS communities. Actually the OpenLDAP and ApacheDS teams are collaborating closely on several fronts. All the good thinking occurring on either side is immediately shared with the other side. No overrunning is going to occur.
Alex Karasulu // July 2, 2008 at 2:28 am |
Hi Jackson, Howard, all … At the LDAP conference last year the OpenLDAP and ApacheDS communities had an incredible bonding experience. We’ve realized we’re essentially two communities with the same fundamentals/ideals at our core: (1) we’re here for our users, (2) with business friendly licenses both BSD derived, (3) and we want to further LDAP (innovation) to make it easier to use in modern scenarios.
We want LDAP users to benefit most and not have to pay for advanced features that could potentially make their way into LDAP standards. We have started working together to share ideas, experiences, and concepts. We’re at the beginning where the bonds are forming and information is flowing through individual channels. Our collaboration will eventually enable both servers to interoperate on several levels: like for example replication, schema, trigger specifications, LDAP views and LDAP stored procedure specifications. Through this collaboration there will be greater portability across our server implementations while showing the value of these new features across implementations. Bear with us: this will take time. LDAP nor OpenLDAP is not dead. I’m sure OpenLDAP will evolve with the good work and dedication of those at the OpenLDAP Foundation. The ApacheDS community is very fond of our friends there.
One last thing. The VD implementations of today like Penrose, are just hacks without a formal computational basis to them. People trying to get a product to market rapidly to sell a company. We intend to enable virtualization eventually with a solid footing in the LDAP administrative model using this concept of a view. Views, as well as triggers/SPs will enable new ways to easily solve the problems encountered in the identity space. As a teaser just think what could be done in the provisioning space if AD supported triggers? Real technology will yield solid reliable solutions instead of these band aids we’re seeing during this identity gold rush.
Directory vs Virtual-Directory « Identity Blogger // July 7, 2008 at 10:18 pm |
[...] we may have a Directory vs Virtual-Directory debate. Alex Karasulu of the ApacheDS project left this interesting comment on my post about the Red Hat Directory [...]
Directories vs. Virtual Directories? Really? (Clayton Donley's Blog) // July 8, 2008 at 10:09 pm |
[...] picking my jaw up off the floor from this comment from Alex @ the ApacheDS project on Jeff Bohren’s [...]
Directories vs. Virtual Directories? Really? | Oracle // September 5, 2008 at 8:17 am |
[...] picking my jaw up off the floor from this comment from Alex @ the ApacheDS project on Jeff Bohren’s [...]