> The Unix/Linux teams are keen to make more use of LDAP lookups and use
> it for more systems, and are looking at specifying new hardware to
> augment the service.
>
> Management are asking whether we need a separate OpenLDAP-based
> service, given that we have AD, and AD provides LDAP services itself.
>
> I was wondering what other UK universities are doing on this point,
and
> (if you were to start again) would you take the same approach?
>
> My main concerns are:
>
> (1) We've historically been reluctant to do anything to extend the AD
> schema beyond those extensions provided by Microsoft, due to the risk
> of it causing support issues further down the line; whereas the
> OpenLDAP service has various custom schema changes to accommodate the
> requirements of some of our other services.
>
> (2) I worry that as AD provides most authentication services, if
> something happened to cause it to be hammered with LDAP requests from
> misbehaving services it would have a detrimental affect on our
Windows
> systems that are "just" using the standard AD services.
>
> Is there anything else I should consider?
1) You'll probably find openldap many factors of times faster than AD
in a large distributed AD environment.
2) Depending on the APIs of the applications you're using, you may find
that AD really confuses them. AD doesn't always respond in the way you
expect. Only using Microsoft AD(LDAP?) libraries helps here. We've seen
problems with PHP, Perl and others libraries in the past.
--
Simon Palmer
Head of Development
Colegsirgâr
e-mail: [log in to unmask]
tel: 01554 748088
www.colegsirgar.ac.uk
Mae'r e-bost hwn ac unrhyw ffeiliau atodedig yn gyfrinachol ac at
sylw'r unigolyn neu'r sefydliad a enwir uchod. Bydd
unrhyw farn neu sylwadau a fynegir yn perthyn i'r awdur yn unig ac ni
chynrychiolant o anghenraid farn Coleg Sir Gâr.
Os ydych chi wedi derbyn yr e-bost hwn ar gam, rhowch sylw i'r
gweinyddwr ar y cyfeiriad canlynol:
[log in to unmask]
Cysidrwch yr amgylchedd - a oes wir angen argraffu'r ebost hwn?
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to
whom they are addressed. Any views or opinions expressed are solely
those of the author and do not necessarily represent those of Coleg Sir
Gâr. If you have received this email in error please notify the
administrator on the following address:
[log in to unmask]
Please consider the environment - do you really need to print this
email?.
|