Craig White <craigwhite@azapple.com> wrote:
> I hesitate to go on this divergent path but I was never convinced that Red Hat has opened their heart to openldap...
> RHEL 3 after all shipped the ancient 2.07 version
Red Hat Linux 8/9 is well over 3 years old! RHEL 3 is based on that.
> and RHEL 4 continues to languish with a partially broken 2.2.13
Fedora Core 2/3 is now over 18 months old. RHEL 4 is based on that.
> and only recently have they finally tried to integrate a broken but commendable effort of openldap & kerberos in FC-4
And now you know _why_ they decided to go NsDS last year. Because OpenLDAP 2.2 at the time was really missing a lot without requiring a lot of site customization.
Unlike the few vendors who tried to integrate a "basic" OpenLDAP with maybe a Samba schema and store at best, Red Hat wanted a _true_ LDAP + Certificate + Kerberos + etc... setup out-of-the-box for UNIX networks (not just Windows/e-mail).
The only good OpenLDAP implementations I've seen are the ones where people put a _lot_ of effort into their own, custom schema. It's really an undertaking, and not one I'd even want to look at. Again, outside of some cookbook OpenLDAP+Samba setups, there is a _lot_ that OpenLDAP requires someone to integrate that NsDS did well off-the-bat.
Especially the ADS integration portions where NsDS is a _peer_ or "master" to ADS, not just its "bitch" (member server and _not_ really a directory server ;-).