I am so pleased to have fallen on this discussion. I am about to explore this for a hosted site of mine. I use the Fedora directory service at the core of my ASP infrastructure. I have recently ported Sun's Open Federation (OpenSSO) product to successfully use the Fedora directory (in the full way as though it were Sun's DS) as it is so close to what I would class as version 5.1x of Sun's LDAP (aka NeiPlanet, Netscape) directory service. OpenLDAP by comparison is like comparing a horse-drawn cart to a sports car and calling it a vehicle too.
Fedora as an install gives me multi-master replicas, filtered replication, timestamped attribute changes, replica chaining and referrals, proxy user access for connection pools, schema synchronization so I can change the schema on the fly and it will sync with other replicas AND scalability. I get proper access controls and not some poxy set that may differ from server to server. In my work I have built some of the largest LDAPs out there (multi-millions). Fedora is pretty solid and I would not want to go forward with the Zimbra product unless I can successfully port, kludge, trick Zimbra to work with a real directory service. OpenLDAP just don't cut it for me! I would rather choose another product to host than be forced to use pieces that won't scale with my architecture.
Is there a plan to work on this in development or as a community group? I am certainly up for work on this. I am happy to do all the schema stuff etc.
I am curious what SASL stuff Zimbra uses that would not work with Fedora DS or Cyrus-SASL?
Do they do LDAP adds, modifies, deletes etc. with the Netscape Java classes or Sun's JNDI classes?
Do they use connection pooling? Do they do a bind on each user for authentication or a compare as a different user against userPasswd?
I have to get into this big time over the next week. If anybody is making progress or facing insurmountable obstacles I would really like to know.
Regards
Graham