Forgot your password?
typodupeerror

Fedora Directory Server 1.0 Released! 200

Posted by Zonk
from the like-a-kid-with-edubuntu dept.
LnxAddct writes "NewsForge is reporting that the first official release of the Fedora Directory Server has been announced. This is good news for members of the open source community longing for an easy to use, enterprise class directory server. Fedora Directory Server is based off of Netscape Directory Server which Red Hat purchased a year ago and released as open source. Screenshots are available on their site." NewsForge is a Slashdot sister site.
This discussion has been archived. No new comments can be posted.

Fedora Directory Server 1.0 Released!

Comments Filter:
  • command line (Score:5, Interesting)

    by Darkon (206829) on Sunday December 04, 2005 @07:32AM (#14177676)

    A fancy GUI [redhat.com] is all very well, but does this come with some decent command line tools to scriptify adding and removing users and the like? One of the things that's kept my department on NIS for so long is that absolute hideous unfriendliness of the OpenLDAP tools vs useradd, usermod and friends.
  • Gentoo package? (Score:5, Interesting)

    by nighty5 (615965) on Sunday December 04, 2005 @08:05AM (#14177748)
    Anyone know if there is a gentoo package for this? - Even if it's not the most up to date.

    I've searched used such strings as "ldap", "nss", "directory" etc - but nothing comes up too interesting.
  • About the console (Score:2, Interesting)

    by Sk0yern (783174) on Sunday December 04, 2005 @08:26AM (#14177788)
    Have anyone else noticed how slow the console is on a RedHat Enterprise 3 server?
    Its like you press a button, then you have to wait for 10 seconds before anything is happening. On Enterprise 4, everything is about 50 times faster, maybe even more.
    The main difference here should be 2.4 kernel versus 2.6 kernel, but what makes the console that much faster on 2.6?
  • by Anonymous Coward on Sunday December 04, 2005 @08:31AM (#14177796)
    I'm sorry, what the hell are you talking about? That was the most mindless post I have ever seen.

    The first problem is that Netscape probably didn'tadd much to their Directory Service towards the end, and it is unclear how much Fedora has had to put resources into code cleanups and bug fixes, as opposed to adding the capabilities it is going to need.

    Red Hat / Fedora Team spent about a year cleaning it up and porting it to linux, or didn't you bother to read the summary?

    For this directory server to be of much interest to network administrators, this package absolutely must support two-way communication with Microsoft Active Directory's LDAP. It can support more - and it would be great if, for once, Open Source "embraced and extended" something from The Other Side...

    Uh? What does it need? 3-way communication with AD? 4-way? Active Directory is just a bastardized for of LDAP, and even OpenLdap includes the bits needed to work with it. What you are saying here doesn't make any sense.

    To be of interest to system admins, it needs to work with PAM and preferably one of the standard "unified" admin interfaces, like Webmin or (yes, it is still used) linuxconf, in addition to specialized tools.

    What you are saying here demostrates a complete ignorance of PAM, LDAP, and directory services in general. PAM has long supported LDAP, as has the NSS libraries. Webmin and Linuxconf are two interfaces the people have added as a layer on top of existing services. Nothing NEEDS to work with them, they support whatever they want. FDS has a great GUI and that is the point. Otherwise, an LDAP service is a usefull as the schema you load and how you implement it.

    I like Fedora's distro, it is simply that if they are neglectful of something they can do in a script and a makefile, and of mere patches they had already made public, then how confident can I be of their ability to maintain a very complex piece of software?

    Ok, seriously, get a clue. If you are looking for assurance, pony up some cash and buy the fully supported Red Hat Directory Server. Frankly, I think the entire Fedora effort is great, but I wouldn't run any substatinal business on it. For that I pay for Red Hat.

  • ldap schmel-dap (Score:3, Interesting)

    by Anonymous Coward on Sunday December 04, 2005 @08:38AM (#14177821)
    My employer recently tried to "enchance" our application to authenticate to an LDAP directory rather than our traditional backend security server. Wow, is LDAP ever NOT the tool for that job.

    There are so few standards around LDAP authentication that it is impossible to support "LDAP" - you have to support MS Active Directory, Oracle Info Server, Novell eDir, etc..

    For example, there is no standard way to handle password expiration. Every directory does it differently. There is no standard location or hashing algorithm for user passwords, nor is there any sort of standard password policy (password complexity rules, maximum retries until lockout, etc)

    So we basically had to rewrite support for all these things that we already had in a modular fashion so now administrators are stuck configuring "the AD plugin", or "the OIS plugin".. ... but anyway, LDAP thinks it's all that and a bag of potato chips, but I'm here to tell you it is NOT.
  • Re:Great (Score:1, Interesting)

    by Anonymous Coward on Sunday December 04, 2005 @08:56AM (#14177851)
    "So I can kick the Windows ADS out of the door?" - by TarrySingh (916400) on Sunday December 04, @07:39AM

    You can most likely, I do not see why not!

    After all, this is just another example of you Linux people have duplicated/imitated/copied yet another concept from the Windows world so you can do something already doable in Windows!

    (This goes on from both sides though - e.g. -> Windows via Terminal Services (ala watered-down licensed technology from Citrix) does what X has been doing for year on UNIX, which is remotely runnable applications & desktops. Directory Services aren't original to Windows either - Novell had them before Windows & Citrix did via NDS (Novell Directory Services))

    BUT, other things (like thread-use & especially/specifically @ the kernelmode level) is another one that Linux bit off of Win32 OS, & @ the kernel level so that SMP (more than 1 cpu) was possible for the OS to use in Linux (it already had usermode "threads" that ran off a single kernelmode thread round-robin) & so Linux could 'scale to enterprise class use' as an OS.

    Again - this ALL seems to be a game of copy-cat/knockoff from ALL OS families, stealing one another's features!

    APK

    P.S.=> Personally, I dno't really care if one OS family takes another's features (although you hear it here constantly that MS innovates & creates nothing, which partially is true, they DO license technology from others OR buy entire companies out for their technologies), as long as we, as the consumers, get those nice features in whatever OS it is we all use... apk
  • by Temkin (112574) on Sunday December 04, 2005 @10:29AM (#14178087)

    Red Hat / Fedora Team spent about a year cleaning it up and porting it to linux, or didn't you bother to read the summary?



    "Porting to Linux" is and of itself a mindless statement, since this is Netscape DS, aka iPlanet DS, which is an antique fork of Sun's current SJES DS, all of which have been running on Linux for better part of a decade.

    It will be interesting to compare Fedora DS to Sun's current offering. Sun even provides an open source tool for this called SLAMD [slamd.com].
  • Re:+ Kerberos ? (Score:3, Interesting)

    by Dolda2000 (759023) <fredrik@dol[ ]000.com ['da2' in gap]> on Sunday December 04, 2005 @11:33AM (#14178321) Homepage
    A $notnerd sees the requirement as a black box, they don't care about the internals. They've probably been told by some techie/salesman that it will address some problem they have. For this person turnkey seems perfect, $company sells $product which is billed as an 'identity managment solution'. A magic black box solution to a black box problem, their work is done - now it is IT's problem.
    I agree completely with that, but my main point is that I think that this "turnkey solution" should be a separate product -- an analogy to metapackages (like GNOME), if you will. This metapackage, which would be the already existing components plus shrink-wrapped config files, could then be sold to corporate purchasers as an "identity management solution". Optimally, it should be tailored to each company. My point is that it should not be part of the directory server, and probably not even part of the Fedora Core distribution.

    Maybe it should be part of RHEL, but I'd still see these kinds of turnkey solutions as something that should really be a consultant task. Each company or organization has disparate requirements and therefore, I think each case should be examined individually. I think that in general, open source software should remain the kind of general solution that it is today, and not implement 10+ buttons for each individual scenario. It might be a good idea that Red Hat could produce a number of specialized RHEL distros for the most common scenarios, but RHEL and FC themselves should remain generic.

    To you it isn't, but what happens when you leave? It's much easier to recruit someone to maintain a push button solution
    Most commonly, the experienced administrator would develop more or less a "push button solution", in the form of a collection of scripts to handle the most common tasks. Thus, when I quit, the next admin could just push the buttons I've prepared for myself. If he doesn't want to dive deeper, he probably shouldn't have to. Of course, it cannot be enough emphasized that the admin who develops a system should document it properly. The thing is, the "push button solution" developed locally will handle any particularities of the organization it was developed by and for, while general turnkey solutions (is that an oxymoron?) will always leave deficiencies since they cannot be tailored to the needs of the organization it will be used by.
  • by illumin8 (148082) on Sunday December 04, 2005 @01:22PM (#14178802) Journal
    The first problem is that Netscape probably didn'tadd much to their Directory Service towards the end, and it is unclear how much Fedora has had to put resources into code cleanups and bug fixes, as opposed to adding the capabilities it is going to need.

    To really understand this move by Redhat, it has to be taken into context with last weeks news about Sun open sourcing their enterprise applications, one of which is iPlanet Directory Server. iPlanet Directory Server and Redhat's both forked from the same Netscape code base. The difference is that Sun has invested 3-4 years of heavy development time, improving features involving 4-way multi-master replication across WAN links and many other things. It seems like Redhat just dusted off the 5 year old-code, rewrote some of the encumbered bits, and released something that's probably equivelant to Netscape Directory Server 4.0. Sun is up to iPlanet Directory Server 5.2 and has been innovating.

    I think this is a move by Redhat to counter the move Sun made last week in opening up their directory server product.
  • Re:+ Kerberos ? (Score:4, Interesting)

    by rhinoX (7448) on Sunday December 04, 2005 @01:56PM (#14178990)
    Actually, it's not always $notnerd vs. $nerd. I am a nerd in every sense of the word. I understand the technology as well, if not better than any other nerd. I also understand that in my company, my technical talents are better used to _produce new products_ for us to sell to our clients and thus make more money. Screwing around with configuration files, etc. is a _waste of my time_. I just want a directory service that allows single sign-on so I can easily add resources and people to the organization without having to freaking script my own mgmt console around some lame-ass command line tools because someone out there thinks that you have to use a CLI to "understand technology".

  • Re:command line (Score:1, Interesting)

    by Fyre2012 (762907) on Sunday December 04, 2005 @04:30PM (#14179770) Homepage Journal
    Don't people who do write software want people who don't know how to write it to still use it?

    I'm a typical web admin, so can i really afford to take time to write all the scripts to make this work? Hell no.
    that said, do i still want to use it? ABSOLUTELY!
    Don't know how to code? LEARN

    just brilliant. What a great way to entice the MS users of the world to switch ro an FOSS solution! Fanatical support from people who care! /sarcasm

  • by kimvette (919543) on Sunday December 04, 2005 @06:33PM (#14180519) Homepage Journal
    I'd like to see this in SuSE (Retail as well as Open). SuSE does have some LDAP management tools but it's not really an alternative to Microsoft's Active Directory yet (blasphemy, I know, but it's hard to argue against point-and-click management of a hierarchical directory service). This is something Linux sorely needs - a strong directory and centralized authentication service that is easy to deploy AND manage, and if a Windows client will work with it, it will be very, very hard to justify paying for Windows server and the gazillion CALs for each server when the same could be had for free on *nix. As long as they keep the CLI for maintenance tasks and mass import/migration of users, they'll have a winner. I hope every major distribution backs one of the tools and works to make it really, really solid.

    I don't think this would kill off RHEL or SLES or Novell Linux, because larger organizations will want bundled support and value-added items like subscibed centralized deployment tools, consulting time, and so forth.
  • Re:Nice to see (Score:3, Interesting)

    by jbellows_20 (913680) on Sunday December 04, 2005 @07:15PM (#14180753) Homepage
    A real solution would be a policy engine, an actual application that read policies from an enterprise server then took those policies and applied them to the workstation. Take that and give it an interface (whether gui or tui) to allow the management of the different policies. I've looked around and there isn't much. Zenworks from Novell is supposed to be able to do this but haven't had time to setup a test system to see what it can do. As much as one might hate Microsoft, he/she has to admit that their Enterprise management tools are one of the best out of very few options.
  • by trolleywobbles (936189) on Monday December 05, 2005 @02:03AM (#14182870)
    You know, I resent that. I've had a lot of experience with both Fedora and Gentoo, and I don't think you have any idea what you're talking about. Both (especially Gentoo) are very maleable distros, and it's just sad you have to rely on your precious package manager to apt-get anything done. The reason you have to compile everything for Gentoo is that it enables much more cross-platform software and programming. But I wouldn't expect you to understand any of this. Just let your Ubuntu lull you into a false sense of security...

13. ... r-q1

Working...