LDAP Series Part V - Getting a Grip on Directory Service Modeling
I have an observation I'd like to disclose about the Open Source community: We tend to leap into all kinds of things before we have all the facts and/or information necessary to make intelligent decisions. We criticize other communities, laugh at things like directory services from the two major NOS players, talk about all our great applications, etc. We hang on to old notions about what makes Linux tick. Sorry, but that model ESR defined doesn't fit any more. The community natter appears to come mostly from people who lack deep technical skills and knowledge of enterprises.
While Linux has garnered a major part of the UNIX market, it has not made much progress in the enterprise management field. Without directory services to create a serious model of an enterprise, Linux will continue to remain a great application server. Under Novell, Linux will become a nice kernel for the Netware proprietary stack.
I'm also concerned about the technology leader, Red Hat. Their inability to utilize the assets purchased from AOL demonstrates a lack of vision. With Directory and Certificate servers, Red Hat has the ability to provide Identity Management, user management and a more secure network environment. It needs to move quickly because its competitor, Novell, has Open Enterprise Server and that puppy provides outstanding enterprise tools.
Where to Start
An LDAP directory service provides the framework for enterprise management. Open Source LDAP servers need numerous features to compete and evolve into an identity management system. Running OpenLDAP or Fedora Directory Server from the command line may work for some, but without a visual model and the ability to replicate across an enterprise transparently, OSS LDAP stagnates. Also, the lack of a visual tool keeps OSS advocates from learning how to use OpenLDAP as an enterprise directory. FDS has a visual interface that's outdated and doesn't provide features useful across the enterprise.
Learning OpenLDAP and/or FDS starts with what seems like unnecessary root-level orientation. The model focuses on setting up the top of the tree. That may appear like a place to start if you’re a complete geek who loves to fool around hacking hardware code. It doesn't do much for an administrator.
Admins need the ability to focus on Organizational Units (the ou) and model their organizations in the directory server. We need to manage departments, people and resources across an enterprise. I want to see a set of organizational units under the auspices of a root server and I want to manage my mail, dns, dhcp, web services, shares, users and security. But unless you have lots o' bucks for Novell, the typical admin cannot do that.
An emerging OSS Organizational Model?
Unfortunately and maybe fortunately, Novell needs a low cost competitor. I suspect that such a development group will emerge as a startup. I'd like to see such an effort come from the Debian community. It's even OK with me if the Ubuntu team puts it together. I believe the effort will require a large team of dedicated developers who can finish a project.
I don't expect Red Hat to do this. Red Hat is already stretched thin meeting its low cost business model. Additionally, for perhaps the first time, Red Hat may have problems competing with Novell. As a side note, I can see the latter going after the best people at Red Hat as long as Novell does a Chris Stone with their monkey managers. I wouldn't work for either of those chimps.
Also expect Redmond's Open Source Software Lab to work with Novell to allow it into the forest. Redmond lacks some serious management tools. For example, have you ever attempted to run any command to see who is logged on to a server in a MS enterprise? Run any command you wish and you won't see what we can do with a simple command like “who
Comments
gpinventory
The application to see who's logged on to a machine(s) is called gpinventory. It also does a lot of other useful functions.
Any decent sys admin would know about this tool if they did their homework. Yes, it would have been better if this was bundled by default, but it's only a download away and can be run from an XP machine.
I do think there is a need for a competing directory service that is free and global for Linux and Windows, but isn't that a very similar function Samba 4 will bring, and an LDAP backend that is supported?
It will be interesting what policy functions it will bring, as the NT4 policy editor and registry editing is not an ideal way of doing things, as the functions AD has where policies can be removed is pretty useful. Unfortunately, Samba4 is a wait-and-see application, so only time will tell with the true functionality it will bring.
Might be worth requesting group policy functionality from the Samba team.
Fooled again
From MS Download center:
Group Policy Inventory (GPInventory.exe) allows administrators to collect Group Policy and other information from any number of computers in their network.
alan wrote:
Any decent sys admin ...
ok big guy,
We're still attempting to find a MS command equivalent to "who"
who [options] [file]
who am i
Show who is logged into the system. With no options, list the names of users currently logged in, their terminal, the time they have been logged in, and the name of the host from which they have logged in. An optional system file (default is /etc/utmp) can be supplied to give additional information.
We need to belittle people all the time
Alan writes:
Any decent sys admin would know about this tool if they did their homework.
Actually, one of the best admins I know gave me this bit of information - a gold partner. So, I should tell him he didn't do his homework. Should I call him a jerk? Maybe, just maybe, he should stop teaching and throw away all his certifications.
Merry Christmas
the joy of writing
Sorry, I didn't mean for it to come across that way... that's one of the most unfortunate things about non-verbal communication... it can get interpreted in so many ways. I wasn't meaning this in a negative way and I did take the way you said it as "command" not "command line"; to me command is anything run in the run box. Again, I'm sorry.
With XP and a 2000 AD infrastructure, MS were never really geared for the command line. More tools appeared for 2003, but they're still not great at it.
The PowerShell, the new scripting thing from MS, can do similar functionality with "Get-WmiObject -Class Win32_ComputerSystem -Property UserName -ComputerName COMPUTER"
but that's nothing near as nice as a single command, unless you encase it in a batch file or .vbs script. And this may not look at terminal client sessions.
MS's current OSes as a whole are really just geared for GUI operation, so in a sense it is a semi-futile quest to find such a utility. Bit pants in comparison to *nix, but isn't that why more and more are adopting open source?
asked samba
I asked tridge in #samba-technical about group policy functionality and he said he is looking to implement it although it's not been a priority.
He also said he is working on a "when it's ready" POV for Samba4, so if anyone wants to speed things up, they can always get involved with Samba development.
From this, it feels like this will meet the requirements of your article; might be worth interviewing the Samba team on this.
LDAP
I am constantly disappointed at the quality of comments made by some of our readers.
It would be nice to see discussion without a condescending comment or chest beating.
I hope that future readers who choose to comment on Linux Journal articles also take the time to choose their words a bit more selectively so that readers can benefit from the information shared without having to wade through paragraphs of flaming and unnecessary chest beating.
Engaging in squabbling in public forums makes Linux professionals look like amateurs and in my opinion only serves to undermine the spirit of the information shared.
LDAP
Well articulated. My sentiments exactly.
-Tom