LDAP Vs. Active Directory.

08-19-2009 03:09 AM

I am looking for a professional comparison between LDAP and Active Directory, including answers like:

1. Where each is best used?
2. Can they coexist?
3. Ease or difficulty of support for each?
4. Background of support personnel?

EricTRA 08-19-2009 03:31 AM


An answer to your question.

Kind regards,


scottro11 08-19-2009 07:15 AM

AD is easier. (Our Windows Admin, a martial arts teacher on the side, won't be offended by me saying that.)

Firstly it's MS. This means that it has the advantage of easy to find, centralized documentation. If you get stuck, you can click help, put in a few keywords, and get clear instruction with examples about how to do what you want to do.

An AD server, if I remember correctly, will also be doing DNS and (if used) DHCP--I'm not quite sure if that's actually considered to be an AD function, but it does seem to be pretty standard, that one server is doing all that.

OpenLDAP on the other hand, to quote the LDAP for rocket scientists site:


LDAP is a complex subject. This Guide was born out of our pathetic attempts to understand LDAP, since it promised a veritable nirvana - common source for information, unlimited scalability using a replication model, inherent resilience, fast read performance, fine-grained control over who can do what to what data - the list goes on. Wonderful stuff.

That's the end of the good news.

The bad news is that IOHO never has so much been written so incomprehensibly about a single topic with the possible exceptions of BIND and ... and ... There are innumerable excellent HOWTOs scattered over the Internet, which are great if you need a tactical solution to a particular problem, and are happy to put up with the vaguely uncomfortable feeling that you are entirely dependent on something you don't really understand. We didn't want a tactical solution, we wanted a strategic solution to a whole set of problems, all of which all appeared to be ideally suited to LDAP, but we had to understand stuff ... we needed a WHYTO. This is our - perhaps pathetic - attempt to create it.

Not to mention that a guide for, say, Debian, sometimes won't work for RedHat, and so on. I have my own pathetic little guide at where I did my best to summarize 2-3 months of work.

Whatever one wants to say about MS, they spend time and money on documentation that just isn't there in many open source projects.

Additionally, AD can be easily managed through completely graphic tools. LDAP doesn't need them, though in the end, it's always nice to have, at least, a graphical browser to see what's going on.

On the other hand, AD is MS, meaning it's costly. There is also Sun's Directory Server, which is now free, and comes with semi-good documentation, though, if using their native packages, for example, one has to search all over the place to figure out what to download--clicking on the download link for the upgrade patch, for example, takes you to a site to search Sun, which implies you may need a paid subscription for the patch, and if you click on the link to determine it you get page not found. This sort of thing is too common with Sun.

OpenLDAP is great, but you have to be prepared to do a GREAT deal of study to implement it at more than a basic level.
