From owner-freebsd-questions Tue Jun 5 16: 8:13 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from dell.dannyland.org (dell.dannyland.org [64.81.36.13])
    by hub.freebsd.org (Postfix) with ESMTP id D686737B401
    for ; Tue, 5 Jun 2001 16:08:08 -0700 (PDT)
    (envelope-from dannyman@toldme.com)
Received: by dell.dannyland.org (Postfix, from userid 1001)
    id D6A7F5C48; Tue, 5 Jun 2001 16:07:36 -0700 (PDT)
Date: Tue, 5 Jun 2001 16:07:36 -0700
From: dannyman
To: Sean Knox
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: LDAP support: iPlanet or OpenLDAP?
Message-ID: <20010605160736.F20416@dell.dannyland.org>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: ; from wintermage@home.com on Sun, Jun 03, 2001 at 06:58:40PM -0700
X-Loop: djhoward@uiuc.edu
X-URL: http://www.dannyland.org/~dannyman/
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

On Sun, Jun 03, 2001 at 06:58:40PM -0700, Sean Knox wrote:
> In a previous thread, someone mentioned they preferred iPlanet's LDAP
> implementation over OpenLDAP. Can anyone elaborate on this? I'm
> currently researching which version to implement with some Exim mail
> servers here at work, and would appreciate some feedback.

Last I checked, iPlanet is not available for FreeBSD, nor would one
expect it to be given the partnership with Sun.

iPlanet is reputed to perform very well, and implement more of LDAPv3
than OpenLDAP.

My experience with Netscape DS is running it on NT through this cursed
Java console with the most horrible UI ever designed by humanity, and it
randomly flaking out, thanks in no small part to dssynch.exe, which
synchronizes users and passwords betwixt your directory and your NT 4
domain. I also had a bitch of a time setting it up when I was new to
LDAP, threw up my hands in frustration, making dirty words. After
staying up all night one of our former-Netscape whiz kids managed to get
it running. The greatest piece of wisdom another former Netscape person
who had wrestled with it in their previous employment could give me was
to "turn schema checking off."

I'm replacing the current LDAP implementation with OpenLDAP.

I have talked to one person in my time who says that he likes the
iPlanet IMAP server he has running on one of his Sparc boxen.

IMO, LDAP is not for the faint of heart, assuming you want it to do
ANYTHING more than just publish a telephone directory. You really need
to swallow the red pill and start reading RFCs and books and things and
testing things and fending off your NT admin manager meekly suggesting
that if we just replaced everything with Microsoft Windows 2000 Active
Directory Services for Unix it might just all work out.

-danny

--
http://dannyman.toldme.com/