
Microsoft, Open Source fans try their hands at LDAP


In addition to testing the seven Windows NT-based Lightweight Directory Access Protocol servers, we also looked at the LDAP support Microsoft offers inside its new Active Directory and evaluated what the open source code option, OpenLDAP, had to offer.

We found that Active Directory, while it has issues with bulk-loading performance and offers an overlapping array of management tools, handles LDAP queries quite well and offers an excellent set of monitoring tools to help you keep an eye on the LDAP server. As for the Linux alternative, we were disappointed by OpenLDAP's performance and thought its lack of administration tools made it difficult to use. OpenLDAP is better positioned as a starter kit to help you get a leg up on LDAP than as a production-quality server.

We could not include Active Directory and OpenLDAP in our head-to-head comparative review because neither runs on NT 4.0. Active Directory only runs on Windows 2000; OpenLDAP runs on Linux.

If you were wondering whether Active Directory has a place as a stand-alone LDAP directory, the answer is . . . sort of. Active Directory's bulk-load time was horribly slow. At 33 records per second, you would be effectively restricted from bulk loading in any production environment. Additionally, Active Directory wouldn't allow some types of attributes to be added to the directory in bulk and insisted on consistency-checking every entry, which required us to change our schema just to get our data loaded.

However, the query and modify performance numbers achieved by Active Directory were quite speedy. It can keep a respectable pace against the very fast pure servers in most LDAP operations. These performance levels suggest that if you want to share your Windows directory with the world via LDAP, then a native interface to Active Directory would be satisfactory -- you don't, for example, have to export your Active Directory data into another LDAP directory. However, the poor bulk-load performance is a strong indicator that Active Directory is a less obvious choice for a pure LDAP directory.

Microsoft's Active Directory LDAP management implementation is somewhat scattered. Rather than taking a single approach to managing the LDAP directory, Microsoft built in several. Win 2000 ships with a pile of tools, many of which do the same thing but in slightly different ways or from different points of view. One useful tool is the LDP application that talks to LDAP directories using the LDAP protocol, making it a multivendor tool to explore and query.

Microsoft held to both sides of the highway on monitoring. Its directory performance numbers are available directly in the Win 2000 perfmon tool -- an outstanding way to get a graphical look at directory load and transactions. Microsoft also exposes those statistics through the new Web-based Enterprise Management (WBEM) interface, which in itself is fairly useless. However, there are WBEM-to-SNMP adapters available for Win 2000 from Microsoft that effectively make Active Directory's statistics available to anyone with an SNMP monitoring tool.

OpenLDAP, another pure LDAP server, had no graphical user interface and required us to edit configuration files or issue shell commands for any changes. OpenLDAP also turned in very poor performance statistics across most of the operations we tested. In most cases, OpenLDAP ranked behind the other servers we looked at. The one exception was in multiuser wildcard queries, in which OpenLDAP kept pace with the leaders. The simplicity of OpenLDAP and the ease with which we installed it were definite pluses, making OpenLDAP a good prototyping tool for an LDAP directory. This is especially true if your final server is iPlanet's Directory Server or Innosoft's IDDS because the configuration and operation of the three products are very similar.

RELATED LINKS

Snyder is a senior partner at Opus One in Tucson, Ariz., specializing in security and messaging technologies. He can be reached at joel.snyder@opus1.com.

Snyder is also a member of the Network World Test Alliance, a cooperative of the premier reviewers in the network industry. For more Test Alliance information, including what it takes to become a member, go to www.nwfusion.com/alliance.

Review: Management tools and back-end services
X.500 directories offer more features, but LDAP-only directories are easier to set up and manage.

Review: Sizing up LDAP servers
iPlanet orbits the competition with superior performance and manageability.

Review: LDAP untangled
A simple look at what's up in the ballooning LDAP market, and what that means for your network.



Copyright, 1994-2006 Network World, Inc. All rights reserved.