Providing directory services with LDAP requires a careful look at the options
Kevin: Our questioner this week has a network that is growing by leaps and bounds, and he is continuously adding services and mixed-platform servers. He's been told to implement an LDAP (Lightweight Directory Access Protocol) server to handle user authentication and other directory services. Now he'd like to know what the various options are.
There is a wide range of choices when it comes to setting up an LDAP server. There are stand-alone products, such as Netscape/iPlanet Directory Server and OpenLDAP, as well as LDAP services that are built into directory services products such as NDS (Novell Directory Services) and Windows 2000's Active Directory. I'll take on the stand-alone products and speak a bit about Novell NDS; then Lori will discuss the options included in Active Directory and touch on NDS as well.
For many companies, especially those with a mixed-platform environment, the iPlanet Directory Server from the Sun/Netscape Alliance is a popular choice. It integrates well with other iPlanet components (such as their Enterprise Web server, iPlanet Application Server, and iPlanet Calendar Server). The iPlanet Directory Server runs on Solaris, Linux, HP/UX, Irix, AIX, Tru64 Unix, and Windows NT/2000. The Web-based interface and tight integration with other iPlanet products make this a strong choice for large enterprise environments.
The iPlanet Directory Server can be configured to access LDAP data from other sources, such as NDS or Active Directory servers. This also eases integration and migration troubles because all of the pertinent directory information can be synchronized between servers, and then the iPlanet server can be used as the primary source for LDAP information.
For businesses that need an easy-to-implement and inexpensive LDAP server for Unix-based platforms, OpenLDAP is worth consideration. Currently in Version 2.0.6, OpenLDAP is a powerful, standards-based implementation of the LDAP protocol that is developed in the open-source community. It is available in source format and can be set up on many Unix-based platforms.
If your infrastructure includes Novell NetWare servers and you use NDS for user authentication, you can easily add that functionality to other platforms. NDS eDirectory 8.5 is available for NetWare, Windows NT, Windows 2000, Linux, and Solaris, and can give your servers LDAP functionality. It also integrates well with other Novell products, such as Novell Certificate Server and Single Sign-on.
There are myriad choices. Before deciding on a particular LDAP server or implementation plan, make sure to do your research and find out how well the various products and services your company supports will integrate with each solution.
Lori: As Kevin mentions, there are several choices available for managing and authenticating users and directories. If you are an existing Novell shop (or even if you are not) you may want to implement NDS eDirectory, which is available for multiple platforms and natively supports LDAP. This is an inexpensive solution -- just $2 per user; Novell also has an NDS Corporate Edition at $26 per user that offers more features for managing network resources.
For those wanting to go the Microsoft route, Active Directory is built into Windows 2000 and lets you manage users, servers, and directories. Active Directory supports LDAP natively over SSL (Secure Sockets Layer). Active Directory makes administrators' lives easier with its centralized management of resources and users.
NDS is also available for Windows NT/2000 servers, so if you are heavily invested in NetWare you'll find this attractive. A good deal of information can be found on their Web sites; you can compare the benefits of both. In either case, much planning is required for implementing an LDAP service and especially for Active Directory, which is not for the faint of heart.
If you are not ready to invest in the stand-alone model, then I suggest using Active Directory or NDS.