Directory Server as drop-in replacement for AD
Would be nice to see Red Hat Directory Server as a drop-in replacement for Active Directory. There are several challenges to overcome in this respect, but there are now very many organisations that have consolidated on a single authentication method - Active Directory. Historically it has been several steps ahead of RHDS and other LDAP implementations.
The challenge is to improve these areas enough and implement the required functionality to provide RHDS as a drop-in replacement. Removing AD from organisations would be a huge publicity boost for Red Hat. Windows desktops would remain, but be oblivious to their new master.
Responses
Duncan --
Just because AD is in a corporation doesn't mean iPlanet/RHDS/389 is not also in it. In fact, many corporations still use "regular LDAP" to solve the real, integration issues with AD.
E.g., as I said prior, if AD schema doesn't match between forests, then you have to use something like Microsoft LDS. Most enterprises would rather just run a full LDAP.
Furthermore, AD does not handle UNIX/Linux well at all. At the most it provides legacy NIS with pseudo-RFC2307 compatible stores in AD. To do more, you have to either do all sorts of manual operations (e.g., keytab files), or purchase third party solutions.
So understand where 389/RHDS comes from, and what it's trying to solve. It's trying to solve LDAP needs that pre-date AD's creation, and corporate adoption of AOL-Netscape iPlanet solutions prior.
And also understand why there are separate, open source projects in Samba4 and IPA (aka Enterprise Identity Management). Samba4 is the AD replacement. IPA is the "canned" UNIX/Linux counterpart. IPAv3 is adding extensive AD interoperability via Samba4.
However, there is no "single product" that solves the problem for corporations. AD cannot manage UNIX/Linux well at all, only Windows. In fact, most Windows architects and engineers don't even design AD correctly for Windows networks, much less are dumbfounded with UNIX/Linux clients.
Your entire view is based on the fact that AD manages non-Windows. It was never designed to, and the few things it does are entirely inadequate (even many 3rd party applications do little more than what SSSD does now in Fedora/EL). If you had exposure to trying to manage UNIX/Linux with AD, especially without any 3rd party add-ons, you would know this.
-- Bryan, MCSE/MCITP (2000-2008)
P.S. There is nothing more frustrating than when I'm trying to explain to "Windows architects" that I need them to at least populate the RFC2307 fields so I have UNIX/Linux attributes. In most cases they don't understand why their SIDs/ACEs and other things "don't just work with Samba." Most are _poor_ Windows architects that I have to solve their AD design issues for.
