ApacheDS 0.9 Released: An Enterprise Directory Server Platform


News: ApacheDS 0.9 Released: An Enterprise Directory Server Platform

  1. The Apache Directory team is pleased to announce the release of ApacheDS 0.9, a pure-Java LDAP server.

    Our primary vision is to build an enterprise directory server platform and its components where other Internet services snap in to store their data within the directory so they may be managed using LDAP. Those services include LDAP itself, DNS, DHCP, SLP, UDDI, NTP, and most importantly Kerberos, which can integrate with the services to provide full-featured network authentication service.

    • Designed as an LDAP and X.500 experimentation platform.
    • The server exposes all aspects of administration via a special system backend.
    • Both the backend subsystem and the frontend are separable and independently embeddable.
    • Provides a server side JNDI LDAP provider which directly interacts with the backend storage.
    • Powered by MINA which can handle large amounts of concurrency.
    Changes in 0.9:
    • Added a Kerberos plugin which provides a full Kerberos V service
    • Customizable authentication
    • Replaced APSEDA with MINA
    • Revamped interceptor interfaces and implementations
    • Added Samba / DHCP schema
    • Refactored and cleaned up APIs in general
    • Fixed numerous bugs
    The Apache Directory team is looking for developers and users to work with the server and give feedback. Mailing list information is at: http://directory.apache.org/mailing-lists.html
  2. OpenLdap comparsion[ Go to top ]

    Can someone compare this to OpenLdap
  3. OpenLdap comparsion[ Go to top ]

    Well, for one OpenLDAP is a C based application and ApacheDS is java based. I can't tell you any performance differences, but ApacheDS is much easier to add custom logic to via it's interceptors and acts as a "platform" for services (such as ldap,dns,dhcp,kerberos....) as opposed to being simply a directory server. OpenLDAP is much more mature and includes access controls, a proxy, SASL support, replication and a few other features I can't think of off the top of my head. It's also been used more and has more of a "corporate" following at the moment.
  4. OpenLdap comparsion[ Go to top ]

    Thanks, marc.

    Performance has not been really deeply tested, but some of the tests done had shown that ApacheDS is competitive against OpenLdap.

    Some more tests are to be done, and will be, for sure !
  5. OpenLdap comparsion[ Go to top ]

    Yah Marc good summarization! Thanks.

    Just a couple additional points...

     o ApacheDS has the potential to plugin any protocol especially those services whose information would naturally fit within directory access model. ApacheDS just eliminates the latency ;). However note that these additional services and protocols are optional. ApacheDS without these plugins is just an LDAP server like the OpenLDAP server.

     o OpenLDAP is much more mature and there is just no comparison here. However we hope to bridge the differences quickly thanks to a lack of #IFDEFS and a simpler architecture. NOTE: Our purpose is not to compete with an OpenLDAP. It is very important that people understand that. ApacheDS will find its place whether it is as an integration component within appservers or even standalone as a vanilla LDAP server.
    • Designed as an LDAP and X.500 experimentation platform.

    What do you mean by "experimentation". I'm not sure I want to spend the time testing out something that is an "experimentation platform".
  6. >What do you mean by "experimentation". I'm not sure I want to spend the time testing out something that is an "experimentation platform".


    the sentence is not very explicit about it, and can be misinterpreted. "Experimentation" is connected to "X500", not LDAP !

    So, feel free to spend a little bit of time using the Ldap server... It's not perfect yet (0.9), and need some improvment and users feedback for sure !
  7. That's exactly what it is. An experimentation platform.

    If you're after stock, generic LDAP functionality, then you're probably not in the market for something like ApacheDS. If you want something a little more in an LDAP server, and don't mind crafting it yourself, then ApacheDS may well be a fine starting point.

    If you want a Java based LDAP server (for whatever reason), then you might want to consider ApacheDS.

    But, if not, no big deal.
  8. If you want something a little more in an LDAP server, and don't mind crafting it yourself, then ApacheDS may well be a fine starting point.If you want a Java based LDAP server (for whatever reason), then you might want to consider ApacheDS.But, if not, no big deal.

    Its a big deal.
    What i understood from ApacheDS docs is that its not just a directory server,though the primary intention would have been to support LDAP.
    If you look at the architecture it has abstraction for many network protocols. I was personally looking for a directory server which supports both LDAP and UDDI. ApacheDS has it. As per my analysis , in future a diretcory server has to support UDDI ,and i dont want to go for seperate directory servers for LDAP and UDDI.
    Besides, ApacheDS has support for JNDI with a backing storage.i dont want to go for another product to use JNDI.

    With ApacheDS i can do User Lookups, Object lookups, Services lookups. all my lookup needs are satisfied.

    Congrajulations to ApacheDS team.

  9. Surajeet you seem to be in line with our thinking. UDDI is sooo easy to implement and snap right in. Especially with embedding the server into other appservers this feature will be even more appreciated.

    Regardless of appserver integration just doing UDDI with LDAP makes lots of sense. It's all about fast read optimized lookups. You obviously understand this ;).

    Great intuition!

  10. No need to worry. The architecture allows for radical changes to the server using interceptors, plugins and custom backend implementations with a very small learning curve. This makes ApacheDS ideal for those who want to experiment with it and protocol features. That's all that is meant be the comment of it beingg an experimental component.

    So after you download the stock release which if a stable release you should not worry about it's quality. When you download it you can start experimenting with it by adding custom backends, new interceptors, more schemas, and more. So its just flexible. Perhaps we could have picked better words ;).
  11. Does Apache DS support LDAP server controls like Virtual List View, Server-side Sorting, Paged Result sets, etc...
  12. None there yet but they could be added some very easily. Any help in this area is much appreciated.
  13. More info[ Go to top ]

    I am interested in knowing more about MINA and its roadmap. On the ApacheDS website, only version 0.7 has a clear release date and on JIRA I don't remember future versions having attached release dates.

    I played a bit with MINA 0.7.1 (snapshot) and encounter no problems. But I wonder how mature is it? Better than Netty2 in its present incarnation? How does it perform?

  14. More info[ Go to top ]

    MINA 0.7 was an internal release, and we're going to release 0.7.1 very soon. We've been testing MINA for quite a long time and it didn't show any significant bugs for last month.

    We've not decided release date of 0.9 yet. 0.9 will provide cleaner API than 0.7; we're revamping API for more developer convenience. But migrating to new API will be really easy. You can preview the new API at 'api_integration' branch.

    Of course we promise that we'll maintain 0.7 stream while developing 0.9. :) We'll release 0.8 based on 0.7.x when 0.7 stream is considered very mature.

    Thank you,
    Trustin Lee
  15. I wonder why apache calls most of its projects "Enterprise".
    I did testing of both ApacheDS (enterprise directory server) and JAMES (enterprise mail server).
    ApacheDS falls to its knees after I insert 100K plus ldap entries, grows to 1.5G rss if i filter '(objectclass=*)' for these 100k entries.
    JAMES is biased towards small email servers for small-to-medum sized companies. It is nowhere close to "enterprise" usage.
    Why "enterprise" tag?
  16. You're being a bit hard.
    ApacheDS is, as its name implies, a 0.9 version. It has not even been really benchmarked as a whole yet as Emmanuel said.

    Personnally as a first release, I worry more about reliability and simplicity than performance.

    Considering the experience, skills, knowledge and goal of people on board this project, I seriously believe that it will lead to some rock-solid piece of directory, if it continues this way.

    I you have any issue with the performance, you're welcome to open a jira issue here and attach your testcase with information about the problem. If you have any information to see how it scales compared to commercial directories, it's even better I think.
  17. I think the issue is less performance then capacity. 100k entries isn't much in an "enterprise" environment. Then again, an "enterprise" directory needs at minimum hashed passwords, access controls and replication (features that haven't yet made it into .9). I think ApacheDS will in the future be able to wear the badge "enterprise", but at the moment it's still a development and experimentation platform from all accounts.