I've spent the last few months immersed in Oracle's identity management products as part of my preparation for working on a team bringing Oracle ERP to my company. These products are surprisingly good, particularly the core Oracle Internet Directory (OID). OID is basically an LDAP listener for an Oracle database. I've been quite impressed with it's performance and features (for example it supports both Simple Paged Results Control and Server Side Sort). Of course, like all directories except those from the Netscape lineage (Sun and Red Hat's in the current market), it failed my super-secret stress test -- predictably crashing when I did a ridiculously large bulk load imto it. That's not Oracle's fault, it's just a consequence of inefficiencies in the LDAP protocol.
In the little spare time I've had during the last week I was able to install and begin working with the latest release of Fedora Directory Server. I've been considering moving my home environments over to FDS for some time now. While reluctant to give up the simplicity and rock-solid stability (well, most of the time) of OpenLDAP, going to full immersion mode with FDS has been a long time coming. One of the differences between this conversion and the brief forays of the past is that I'm pairing it with a working deployment of JBoss.
While I try to keep an open mind about the appropriate uses of closed source software, I continue to believe that open source development provides better, albeit sometimes imperfectly executed, results. The open-sourcing of the former Netscape Directory codebase was a major, revolutionary, step for the identity management business. Warts and all, that codebase has consistently delivered superior results during it's lifetime. The Fedora team has made some significant improvements. One of my favorites was replacing the old Netscape web server code for the Administration server with Apache.
Because of this continuing effort to improve the codebase I am much more comfortable with plans by the developers to more tightly integrate FDS with Fedora Core, and presumably, Red Hat Enterprise Linux. While the OpenLDAP SDK and tools have served the community well, there's no reason FDS can't be positioned to provide a high quality alternative. From a system administrator's perspective, OpenLDAP's ubiquitous libraries and tools have provided a kind of standard that should not be taken for granted. As we've seen with other open source projects, the ultimate solution might be a convergence of the code where OpenLDAP and FDS adopt the best features from each others source.
Perhaps the greatest contribution by the FDS developers so far has been the additional documentation they've published. The Documentation Wiki provides information and techniques that I've found helpful even in my company's Sun Directory environment. I'm looking forward to using it to build my own reference environment in the home lab.
Look for this blog to me a little more active from this point forward, as I explore FDS in more depth and note my progress here. Hopefully