Philip Lembo
2006-Apr-15 17:18 UTC
[Fedora-directory-users] How interchangeable are ldap, server?
Very important point made about knowing the extended features of each directory product. For example, Active Directory sets a hard limit on the number of entries returned by a search. The way around this is to use the Paged Results control extension (good feature). Problem is that while this control is supported on AD and OpenLDAP it *is not* thus far supported by any of the Netscape derived directory products (i.e. Sun, Fedora/Red Hat). Another extension with uneven support is Server Side Sort (not my favorite feature). This is available on Sun/Fedora/Red Hat *but not* on Active Directory or OpenLDAP.

The foregoing brings up another point. Although programming to the LDAP protocol itself (apart from various vendor extensions) is pretty uniform the configuration of each individual directory may not necessarily be. Maximum number of results returned, restrictions on access to the root dsn or schema dn can differ based on the administrator's preference. So besides knowing the different directory products and what they can do, you should also invest some time in getting to know the admins for the directories you'll be querying and find out how they've been configured.

Phil Lembo
Rob Crittenden
2006-Apr-17 13:20 UTC
Re: [Fedora-directory-users] How interchangeable are ldap, server?
Philip Lembo wrote:
> Very important point made about knowing the extended features of each
> directory product. For example, Active Directory sets a hard limit on
> the number of entries returned by a search. The way around this is to
> use the Paged Results control extension (good feature). Problem is that
> while this control is supported on AD and OpenLDAP it *is not* thus far
> supported by any of the Netscape derived directory products (i.e. Sun,
> Fedora/Red Hat). Another extension with uneven support is Server Side
> Sort (not my favorite feature). This is available on Sun/Fedora/Red Hat
> *but not* on Active Directory or OpenLDAP.

You can limit the size of searches (and a few other things). I'm not a FDS developer but I remember this in the Netscape days so unless Sun has removed it, it applies to the Sun/Fedora/Red Hat servers. The documentation shows how to do it per-user.

http://www.redhat.com/docs/manuals/dir-server/ag/7.1/password.html#1085603

In a quick search of the docs I didn't see how to do it on a global basis but in the console you can do this from Configuration->Performance.

rob

>
> The foregoing brings up another point. Although programming to the LDAP
> protocol itself (apart from various vendor extensions) is pretty uniform
> the configuration of each individual directory may not necessarily be.
> Maximum number of results returned, restrictions on access to the root
> dsn or schema dn can differ based on the administrator's preference. So
> besides knowing the different directory products and what they can do,
> you should also invest some time in getting to know the admins for the
> directories you'll be querying and find out how they've been configured.
>
> Phil Lembo
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
David Boreham
2006-Apr-17 13:55 UTC
Re: [Fedora-directory-users] How interchangeable are ldap, server?
Philip Lembo wrote:
> Very important point made about knowing the extended features of each
> directory product. For example, Active Directory sets a hard limit on
> the number of entries returned by a search. The way around this is to
> use the Paged Results control extension (good feature). Problem is
> that while this control is supported on AD and OpenLDAP it *is not*
> thus far supported by any of the Netscape derived directory products

BTW, another way to look at this is that AD is broken in that it can't return all the results for a search to the client, and hence has to have the paged results control mis-feature. Netscape (and all UMich-derived products) aren't broken in this respect and hence do not need the paged results control. ;)
Mont Rothstein
2006-Apr-17 15:50 UTC
Re: [Fedora-directory-users] How interchangeable are ldap, server?
Does anyone know of a list documenting differences/incompatibilities between directory servers?

I realize that some of this knowledge is only going to come with experience, testing, and communication with our client's IT people, but we need to do everything we can to play seamless with various directory servers.

Our needs may or may not allow us to stick to a 100% generic model, but if we can we have to try to.

Thanks,
-Mont

On 4/15/06, Philip Lembo <phil.lembo@gmail.com> wrote:
>
> Very important point made about knowing the extended features of each
> directory product. For example, Active Directory sets a hard limit on
> the number of entries returned by a search. The way around this is to
> use the Paged Results control extension (good feature). Problem is that
> while this control is supported on AD and OpenLDAP it *is not* thus far
> supported by any of the Netscape derived directory products (i.e. Sun,
> Fedora/Red Hat). Another extension with uneven support is Server Side
> Sort (not my favorite feature). This is available on Sun/Fedora/Red Hat
> *but not* on Active Directory or OpenLDAP.
>
> The foregoing brings up another point. Although programming to the LDAP
> protocol itself (apart from various vendor extensions) is pretty uniform
> the configuration of each individual directory may not necessarily be.
> Maximum number of results returned, restrictions on access to the root
> dsn or schema dn can differ based on the administrator's preference. So
> besides knowing the different directory products and what they can do,
> you should also invest some time in getting to know the admins for the
> directories you'll be querying and find out how they've been configured.
>
> Phil Lembo
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
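
Added example, not part of the thread: a client that must work across directory products can read the `supportedControl` values a server advertises in its root DSE and pick a search strategy from them, instead of assuming Paged Results or Server Side Sort exist. The LDIF samples are constructed, the helper names `parse_ldif_attrs` and `plan_search` are hypothetical, and it assumes the root DSE is readable to the client.

```python
import base64

# Control OIDs: Simple Paged Results (RFC 2696), Server Side Sort (RFC 2891).
PAGED_RESULTS_OID = "1.2.840.113556.1.4.319"
SERVER_SORT_OID = "1.2.840.113556.1.4.473"

def parse_ldif_attrs(ldif):
    """Parse one LDIF entry into {lowercased attr: [values]}, handling
    folded lines (leading space) and base64 values ("attr:: <b64>")."""
    logical = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]            # continuation of previous line
        elif raw and not raw.startswith("#"):
            logical.append(raw)
    attrs = {}
    for line in logical:
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):              # base64-encoded value
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        attrs.setdefault(name.lower(), []).append(value)
    return attrs

def plan_search(root_dse_ldif):
    """Choose paging and sorting strategy from the advertised controls."""
    controls = set(parse_ldif_attrs(root_dse_ldif).get("supportedcontrol", []))
    # Without paging, truncation is visible only as sizeLimitExceeded (code 4),
    # so the client must check the result code instead of trusting the entries.
    paging = "paged-results" if PAGED_RESULTS_OID in controls else "check-sizelimit"
    sorting = "server" if SERVER_SORT_OID in controls else "client"
    return {"paging": paging, "sorting": sorting}

# Constructed root DSE responses (not captured from real servers).
SERVER_A = """dn:
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 2.16.840.1.113730.3.4.2
"""
SERVER_B = """dn:
supportedControl: 1.2.840.113556.
 1.4.473
supportedControl:: Mi4xNi44NDAuMS4xMTM3MzAuMy40LjI=
"""

if __name__ == "__main__":
    for label, dse in (("A", SERVER_A), ("B", SERVER_B)):
        print(label, plan_search(dse))
```
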