LDAP vs Active Directory in Win2000 Server


the final cut
HI ALL

I need some help: what is the difference between LDAP and Active Directory in Windows 2000 Server? Actually I found that Windows 2000 gives the admin great support and easy work with AD, of course via the LDAP protocol, which is very fast in searching across the network; add to this the replication procedures between sites. So does a Linux system provide the same strategy, or is it more complicated than MS Windows 2000?

Add to this: how can I create or design my domain with Linux? With MS you just have to create a DC integrated with the DNS.

thx

sattia
Things I understood from your post are:
1 - What's LDAP and Win2K AD?
2 - Do LDAP servers on Linux replicate? Or have the capability?
3 - How to design an MS Win2K Domain using OpenLDAP?

OK, I'll try my best to answer what I understood :)
1.1 - LDAP is short for Light Directory Access Protocol. You can think of it as a database optimized mainly for reads or searches. But it is not a database like MySQL or any other DB. It is a directory that can hold information about anything: UNIX accounts, RADIUS users, web hosting accounts ... etc.
1.2 - The Win2K AD is an implementation of the LDAP protocol that is specific to MS. You no that when you misconfigure your server it becomes a specific one :)
1.3 - LDAP uses schemas in order to resolve object requirements and violations. The schema is the most important thing in an LDAP setup. AD has its own schema; you should no it in order to do anything with it.
1.4 - Check http://www.openldap.org and RFC3377 for more details

2 - Yes, OpenLDAP is fully compliant with the LDAP RFCs. It replicates to one slave or more; part or all of the LDAP tree; and part or all of the attributes in the objects. You can customize the replication as you like.

3 - From answer 1, yes, but you should import the AD schema into your OpenLDAP server. I think the SAMBA guys could be of great help; check them.
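Point 1.3 above says the schema is what decides which attributes an object must and may carry. As an added example (not code from the thread or from OpenLDAP), here is a small LDIF loader and a schema check of that kind. The objectClass table is a hand-cut subset of the standard person/organizationalUnit/inetOrgPerson/posixAccount definitions, the LDIF is constructed sample data, and the `dc=example,dc=com` names are invented for the example.

```python
import base64

# Constructed sample LDIF for this example (not a real directory).
SAMPLE_LDIF = """\
# people container
dn: ou=People,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: People
description:: UGVvcGxlIGNvbnRhaW5lcg==

dn: uid=alice,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
cn: Alice Example
sn: Example
uid: alice
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/alice
loginShell: /bin/bash
description: a long value folded over two lines, as LDIF
  allows

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
cn: Bob Example
uid: bob
favouriteColour: blue
"""

# Hand-cut subset of the standard objectClass definitions (RFC 2256 person,
# organizationalPerson, organizationalUnit; RFC 2798 inetOrgPerson; RFC 2307
# posixAccount): objectClass -> (superior, MUST attributes, MAY attributes).
SCHEMA = {
    "top":                  (None, {"objectClass"}, set()),
    "organizationalUnit":   ("top", {"ou"}, {"description"}),
    "person":               ("top", {"sn", "cn"}, {"userPassword", "telephoneNumber", "description"}),
    "organizationalPerson": ("person", set(), {"title", "ou", "l"}),
    "inetOrgPerson":        ("organizationalPerson", set(), {"uid", "mail", "givenName", "displayName"}),
    "posixAccount":         ("top", {"cn", "uid", "uidNumber", "gidNumber", "homeDirectory"},
                             {"userPassword", "loginShell", "gecos", "description"}),
}
_SCHEMA_BY_LOWER = {name.lower(): entry for name, entry in SCHEMA.items()}


def parse_ldif(text):
    """Parse LDIF content records into a list of (dn, {attr: [values]}).
    Handles '#' comments, folded continuation lines and base64 ('::') values;
    changetype records are out of scope for this example."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]        # unfold: drop the leading space, append
        else:
            logical.append(raw)
    entries, current = [], None
    for line in logical + [""]:           # trailing "" flushes the last entry
        if line.startswith("#"):
            continue
        if not line.strip():
            if current is not None:
                entries.append(current)
                current = None
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):          # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        if name.lower() == "dn":
            current = (value, {})
        elif current is None:
            raise ValueError(f"attribute before dn: {line!r}")
        else:
            current[1].setdefault(name, []).append(value)
    return entries


def effective_schema(object_classes):
    """Union of MUST and MAY over the named objectClasses and their superiors."""
    must, may, todo, seen = set(), set(), list(object_classes), set()
    while todo:
        oc = todo.pop().lower()
        if oc in seen:
            continue
        seen.add(oc)
        if oc not in _SCHEMA_BY_LOWER:
            raise ValueError(f"unknown objectClass {oc}")
        sup, oc_must, oc_may = _SCHEMA_BY_LOWER[oc]
        must |= oc_must
        may |= oc_may
        if sup:
            todo.append(sup)
    return must, may


def check_entry(dn, attrs):
    """Return violation strings for one entry (empty list = conforms)."""
    ocs = next((v for k, v in attrs.items() if k.lower() == "objectclass"), [])
    if not ocs:
        return [f"{dn}: no objectClass"]
    try:
        must, may = effective_schema(ocs)
    except ValueError as err:
        return [f"{dn}: {err}"]
    present = {a.lower(): a for a in attrs}   # LDAP attribute names are case-insensitive
    allowed_l = {a.lower() for a in must} | {a.lower() for a in may}
    out = [f"{dn}: missing required attribute {a}"
           for a in sorted(must) if a.lower() not in present]
    out += [f"{dn}: attribute {present[a]} not allowed by its objectClasses"
            for a in sorted(present) if a not in allowed_l]
    return out


def check_ldif(text):
    """Parse and validate every entry; returns the combined violation list."""
    return [v for dn, attrs in parse_ldif(text) for v in check_entry(dn, attrs)]


if __name__ == "__main__":
    for problem in check_ldif(SAMPLE_LDIF) or ["all entries conform to the schema"]:
        print(problem)
```

Running it reports that `uid=bob` lacks the `sn` that `person` requires and carries an attribute no objectClass permits, which is exactly the kind of violation a real slapd rejects at add time when schema checking is on.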

mohamed
I believe no is know
:)
Translate some of the above nos and knows.

Regards

sattia
I think that I'm talking to people smart enough to distinguish whether it is a NO or a KNOW :) aren't you? :)

the final cut
Thanks a lot.

Now I can use OpenLDAP instead of MS AD, and if anyone uses OpenLDAP, tell us about performance and stability.

thx

sattia
Regarding performance and stability, I forgot to tell that the AD needs 4 (FOUR) hours to replicate any changes from the master to the slaves. I didn't measure it but this is quoted from the Microsoft guys themselves.
You mean the performance and stability when it replaces the AD?
If so then I cannot tell; I didn't do it nor have any info.
But if you mean the stability and performance of OpenLDAP generally then I can tell.
Before we deployed LDAP, one of our servers was barely able to handle 100 concurrent connections with CPU utilization near 100% and load at 100+. Now the same hardware, without any modifications except running LDAP, delivers 1000 concurrent connections with load below 3 and CPU below 20%.
With benchmarking this computer was able to handle 1.5M+ search operations daily, 400K+ update operations daily, and 200K+ insertion operations daily.
The benchmark was done on a database of 30GB.

sattia
Are you really going to run OpenLDAP as an AD?
So did you get the schema?
Did you no the authentication mechanism?

^3aFrEt^
I'm quite confused here.

I know this is much bigger than me and I should play in some other posts, not here :)

But I would like to ask about the 4 hours thing.

Replicate things = synchronize changes between servers (i.e. a new user account was created, a new shared printer was added)?

If right, then there should be an option to control the time parameter; what if I have frequent changes and I want to sync every 15 min?

If what I'm saying is off topic and I'm talking about something else, just ignore me.

sattia
Your confusion is very good :)
Really I am not that expert at MS stuff, but as I said before it is quoted from the MS guys at a presentation for Win 2K3 and its features. Surely they said what was bad in the previous version, and it was that 4 hours thingy regardless of the number of changes. I am not sure also whether it can be scheduled at 15 min intervals or not. They claim that the replication in Win 2K3 takes only 4 seconds. In our setup OpenLDAP replication is instant and there is no 4-second thing either :) Viva Linux
Yes, replication is exactly what you said :)

the final cut
Actually, as an MS admin, in their books they said the replication occurs every 5 mins between replicas, and we tested and found out they are right. Also you can schedule the replica processes. Add to this there is an integration with DNS, so only secure updates can occur in the DNS database, in a way that simplifies the configuration of both AD & DNS. Also the DHCP server must be authorised in the AD before it can work.

Generally all actions are automatic; just good configuration at the beginning and everything goes perfectly.


I am just trying to figure out the best way to administer and configure LDAP, or what MS calls AD, with its easy GUI.

thx 2 u all

^3aFrEt^
I hope one gets past this confusion one day :D

About the instant replica, isn't that considered unhealthy for the network?

I mean, what if it needs to replicate a large amount of data; won't this make extra traffic, sometimes at the wrong time?

Or do you mean that it is just capable of instant replicating but you change it according to your needs??

And in Linux when working on these things, is it through a GUI or text configuration files and console and so on?

sattia
Actually my info about the AD was not complete enough. The 4 hours thing happens when the master and the slave are in different sites. A site is an MS term that can be simply two subnets of the same LAN.
If they are in the same site they replicate instantly as in OpenLDAP and it cannot be scheduled.
The off-site servers can replicate once a day only and it takes four hours even if you just changed one attribute.
OpenLDAP has nothing to do with the site term. Replication can happen instantly or be scheduled.
Yes, the replication would make the network unhealthy, but as I told before, LDAP is not meant for such frequent changes. It is also not good for updates; if you study the benchmarking results you would find that the searches are at least 4 to 5 times faster than the updates.
Till now the OpenLDAP GUIs are for browsing the directory and/or doing manual updates. Sure, you could do scripts and programs that can talk to LDAP, but I'm talking about the ready-made tools. The configuration part or administration part is done through the CLI. The one missing thing I hope to find in OpenLDAP is a tool that simplifies the hassle of ACLs. ACLs need great care when being implemented because they could simply render your directory useless.
I'm not sure, but I can guess that the AD has nothing to do with ACLs at all. Or I think that you cannot use LDAP for something other than the task MS assigned to it.
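The warning above that a badly written ACL "could simply render your directory useless" comes down to how slapd walks its `access to <what> by <who> <level>` directives. As an added example (not code from the thread and not OpenLDAP's own code), the model below reproduces the two documented rules that cause most surprises: the first `access to` directive whose `<what>` matches is the only one consulted, and inside it the first matching `by` clause decides, with no match meaning deny. The selector grammar and level list are a deliberately reduced subset of slapd's, the fallback used when no directive matches is an assumption labelled in the code, and the DNs are constructed for the example.

```python
# Access levels from least to most privilege (subset of slapd's list).
LEVELS = ["none", "auth", "compare", "search", "read", "write"]


def what_matches(what, attr):
    """<what> selector: '*' matches any entry/attribute; 'attrs=a,b' matches
    those attribute names (case-insensitive, as LDAP attribute names are)."""
    if what == "*":
        return True
    if what.startswith("attrs="):
        names = {n.strip().lower() for n in what[len("attrs="):].split(",")}
        return attr is not None and attr.lower() in names
    raise ValueError(f"unsupported <what> selector in this model: {what}")


def who_matches(who, bound_dn, target_dn):
    """<who> selector against the bound identity (None = anonymous bind)."""
    if who == "*":
        return True
    if who == "anonymous":
        return bound_dn is None
    if who == "users":
        return bound_dn is not None
    if who == "self":
        return bound_dn is not None and bound_dn.lower() == target_dn.lower()
    if who.startswith("dn="):
        return bound_dn is not None and bound_dn.lower() == who[3:].lower()
    raise ValueError(f"unsupported <who> selector in this model: {who}")


def allowed(acl, bound_dn, target_dn, attr, wanted):
    """True if bound_dn gets at least `wanted` access to attr of target_dn."""
    for what, by_clauses in acl:
        if not what_matches(what, attr):
            continue                      # not this directive; try the next one
        for who, level in by_clauses:
            if who_matches(who, bound_dn, target_dn):
                return LEVELS.index(level) >= LEVELS.index(wanted)
        return False                      # <what> matched, no <who> did: implicit "by * none"
    # Assumption for the model: no directive matched at all, fall back to read
    # (slapd's compiled-in default when no access directives apply).
    return LEVELS.index("read") >= LEVELS.index(wanted)


# Same two directives in two orders. Placing "access to * by * read" first is
# the classic mistake: it matches every attribute, so the userPassword rule
# below it is never reached.
ACL_CATCH_ALL_FIRST = [
    ("*", [("*", "read")]),
    ("attrs=userPassword", [("self", "write"), ("anonymous", "auth"), ("*", "none")]),
]
ACL_SPECIFIC_FIRST = [
    ("attrs=userPassword", [("self", "write"), ("anonymous", "auth"), ("*", "none")]),
    ("*", [("*", "read")]),
]
# Forgetting "by anonymous auth" on the password attribute: nobody can bind.
ACL_NO_AUTH = [
    ("attrs=userPassword", [("self", "write")]),
    ("*", [("*", "read")]),
]

ALICE = "uid=alice,ou=People,dc=example,dc=com"   # constructed DNs
BOB = "uid=bob,ou=People,dc=example,dc=com"


def password_readable_anonymously(acl):
    """Can an anonymous client read a user's userPassword under this ACL?"""
    return allowed(acl, None, ALICE, "userPassword", "read")


def simple_bind_possible(acl):
    """Can slapd compare a password during an anonymous simple bind?"""
    return allowed(acl, None, ALICE, "userPassword", "auth")


if __name__ == "__main__":
    for name, acl in [("catch-all first", ACL_CATCH_ALL_FIRST),
                      ("specific first", ACL_SPECIFIC_FIRST),
                      ("no anonymous auth", ACL_NO_AUTH)]:
        print(f"{name:18} password readable anonymously: "
              f"{password_readable_anonymously(acl)}, bind possible: {simple_bind_possible(acl)}")
```

The two failure modes are the ones the post hints at: ordering the catch-all directive first exposes `userPassword` to anonymous reads, and omitting the `by anonymous auth` clause denies the password check every bind needs, so no user can log in even though every other attribute reads fine.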

^3aFrEt^
What are CLI and ACL?

sattia
Command Line Interface
Access Control List

the final cut
ok sattia


According to my knowledge the AD replication between sites is incremental, that means only the changes are replicated, not all the schema. Add to this it is secure through a set of encrypted protocols; also there is no issue with ACLs in AD because of the 3 scopes of groups in AD. About the traffic, you schedule the replica to occur in day breaks or days off; in such a way you avoid LAN traffic.

In my point of view MS is easier than the CLI in Linux.

nothing is perfect 100%

thx

the final cut
I need help in implementing OpenLDAP, sattia. Actually I tried through Webmin, but can't manage it.

mohamed
Continue this in the other thread that you have created.

Regards

mohamed
Someone asked about OpenLDAP.
Here is an article:
http://networking.earthweb.com/netsysm/article.php/10954_3095841_1