Craig White <craigwhite@xxxxxxxxxxx> wrote: > I hesitate to go on this divergent path but I was never > convinced that Red Hat has opened their heart to openldap... > RHEL 3 after all shipped the ancient 2.07 version Red Hat Linux 8/9 is well over 3 years old! RHEL 3 is based on that. > and RHEL 4 continues to languish with a partially broken > 2.2.13 Fedora Core 2/3 is now over 18 months old. RHEL 4 is based on that. > and only recently have they finally tried to integrate a > broken but commendable effort of openldap & kerberos in FC-4 And now you know _why_ they decided to go NsDS last year. Because OpenLDAP 2.2 at the time was really missing a lot without requiring a lot of site customization. Unlike the few vendors who tried to integrate a "basic" OpenLDAP with maybe a Samba schema and store at best, Red Hat wanted a _true_ LDAP + Certificate + Kerberos + etc... setup out-of-the-box for UNIX networks (not just Windows/e-mail). The only good OpenLDAP implementations I've seen are the ones where people put a _lot_ of effort into their own, custom schema. It's really an undertaking, and not one I'd even want to look at. Again, outside of some cookbook OpenLDAP+Samba setups, there is a _lot_ that OpenLDAP requires someone to integrate that NsDS did well off-the-bat. Especially the ADS integration portions where NsDS is a _peer_ or "master" to ADS, not just its "bitch" (member server and _not_ really a directory server ;-). -- Bryan J. Smith | Sent from Yahoo Mail mailto:b.j.smith@xxxxxxxx | (please excuse any http://thebs413.blogspot.com/ | missing headers)