How much for that LDAP server in the Window?

Jackson Shaw window shops the Red Hat Directory Server and doesn’t like what he sees:

Would I pay for an LDAP directory server today? No, I wouldn’t. I’d either go with OpenLDAP, ADAM or deploy an actual Active Directory domain controller (not free, but at ~$800 or less for unlimited users…) because I’ve talked to customers that have deployed >million user directories with each of those choices, they have vibrant user communities, are supported (vendor or community) and are technically sufficient for almost every purpose. I think if I was a small business with 500-2000 users I’d be looking at using a free solution, too – $10/user is just too much for a piece of history.

I agree with Jackson, but I can see one segment that would pay for this. If you had a Linux only infrastructure but wanted to have a vendor supported LDAP server then I suppose you would be willing to pay for it. But I really can’t see this as a robust market to build and maintain a product for.

I remember talking to an IT group that maintained a ~200K entry commercial LDAP server back ending a customer portal. They were going through a painful and time consuming data scrubbing exercise because they only had a 200K license and had been told they couldn’t buy more. I suggested moving to OpenLDAP or ADAM but they wouldn’t even consider it. Go figure.


7 responses to “How much for that LDAP server in the Window?

  1. Jeff – I forgot to mention ApacheDS in my blog post as a viable option. It is.

    Prediction: OpenLDAP goes the way of the Do-Do bird to be overrun by ApacheDS. The Apache guys have their act together and are truly thinking both innovatively and strategically.



  2. Pingback: Throwing the red hat into the ring « Identity Blogger

  3. Jackson: With a prediction like that you obviously aren’t paying attention to either the OpenLDAP or ApacheDS communities. Actually the OpenLDAP and ApacheDS teams are collaborating closely on several fronts. All the good thinking occurring on either side is immediately shared with the other side. No overrunning is going to occur.

  4. Hi Jackson, Howard, all … At the LDAP conference last year the OpenLDAP and ApacheDS communities had an incredible bonding experience. We’ve realized we’re essentially two communities with the same fundamentals/ideals at our core: (1) we’re here for our users, (2) with business friendly licenses both BSD derived, (3) and we want to further LDAP (innovation) to make it easier to use in modern scenarios.

    We want LDAP users to benefit most and not have to pay for advanced features that could potentially make their way into LDAP standards. We have started working together to share ideas, experiences, and concepts. We’re at the beginning where the bonds are forming and information is flowing through individual channels. Our collaboration will eventually enable both servers to interoperate on several levels: like for example replication, schema, trigger specifications, LDAP views and LDAP stored procedure specifications. Through this collaboration there will be greater portability across our server implementations while showing the value of these new features across implementations. Bear with us: this will take time. LDAP nor OpenLDAP is not dead. I’m sure OpenLDAP will evolve with the good work and dedication of those at the OpenLDAP Foundation. The ApacheDS community is very fond of our friends there.

    One last thing. The VD implementations of today like Penrose, are just hacks without a formal computational basis to them. People trying to get a product to market rapidly to sell a company. We intend to enable virtualization eventually with a solid footing in the LDAP administrative model using this concept of a view. Views, as well as triggers/SPs will enable new ways to easily solve the problems encountered in the identity space. As a teaser just think what could be done in the provisioning space if AD supported triggers? Real technology will yield solid reliable solutions instead of these band aids we’re seeing during this identity gold rush.

  5. Pingback: Directory vs Virtual-Directory « Identity Blogger

  6. Pingback: Directories vs. Virtual Directories? Really? (Clayton Donley's Blog)

  7. Pingback: Directories vs. Virtual Directories? Really? | Oracle

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s