Increase in enquiries for migrations from Sun Directory and other directory servers to OpenLDAP

Hi all,

Everyone involved in the directory sector and OpenLDAP has been seeing many more enquiries about migrating from Sun Directory to OpenLDAP, as the future of Sun Directory, now that Oracle owns Sun, is becoming a concern, as is their new pricing model. We obviously have experience doing this, and migrating from any other directory server.

If you want to convert your enterprise directory from a proprietary and expensive closed-source supplier to OpenLDAP, a modern, more efficient, and less expensive Open Source software solution, please do contact us.

Our partners Symas also have a Directory Services Upgrade Program that we can do for you in the UK:

Convert your Enterprise Directory from a proprietary and expensive closed-source supplier to OpenLDAP, a modern, more efficient, and less expensive Open Source software solution. Typically, enterprises dramatically reduce their annual cost converting to OpenLDAP from Sun, Oracle, Netscape, or iPlanet Directory Services products. The workload requires half or less the power and capacity for substantially improved performance. This is a relatively easy transition to make because LDAPv3 is highly standardized and OpenLDAP conforms to the most demanding requirements of the Internet Standards (RFC 4511 and related RFCs).

Symas Corporation will be glad to consult with your team and offer you a fixed-price, fixed schedule offer for conversion of your Enterprise Directory technology. This service includes:

- A complete evaluation of your present Directory Services servers
- A detailed plan for implementation of the new technology
- A roadmap for conversion of existing LDAP applications and data feeds
- Conversion of schema definitions
- Access Control conversions/implementation
- Database transfer and clean-up
- OpenLDAP deployment, tuning and configuration
- SSL Certificate Conversion
- Database reload
- Assistance with application testing
- Operational team training (LDAP University)
- One year of standard Gold-level Symas OpenLDAP technical support

Monitoring your LDAP directory

Hi all,

Andreas Andersson posted this on the OpenLDAP technical list last week about CN=Monitor:

My name is Andreas and I want to inform you about a little project I've been working on called CN=Monitor.
It's about monitoring and verifying directory servers with focus on open source LDAP servers. From single installed servers to large scaled deployments.

It's a web-based application where you can:
- Verify availability, compare load and performance between servers
- Collect historical events for long term analysis (and get weekly reports by mail)
- Verify cluster and load balancing functionality
- Query several directories at the same time for data consistency verification
... and a lot more.

Why the name CN=Monitor? Well... a lot of the information collected and analyzed is gathered from the CN=Monitor base DN.

Looks very promising!!!

Webinar: 'Guide to Scaling OpenLDAP with MySQL Cluster'

“Guide to Scaling OpenLDAP with MySQL Cluster” on June 24th at 10:00AM PST. Howard Chu, CTO of Symas Corporation, will be the primary technical presenter. This is going to be a repeat of the great pitch we did at the MySQL Conference in Santa Clara. This is a terrific introduction to the OpenLDAP Driver for MySQL Cluster for people interested in this new database technology for LDAP directory data.

Register here


OpenLDAP build farm

Dear all,

Just a quick update to say things are moving forward on the OpenLDAP build farm and very soon (after more testing) you'll be able to submit your desired platform for testing and upload your build results!

OpenLDAP Replication Strategies

At this year's UKUUG annual Large Installation Systems Administration (LISA) conference I gave a talk on OpenLDAP Replication Strategies. You can grab the OpenLDAP Replication Strategies PDF or SlideShare version.

Other presentations regarding OpenLDAP that day (including one from Howard, the Project's Chief Architect and Symas CTO): "OpenLDAP and MySQL: Bridging the Data Model Divide" and Andrew Findlay's "Writing Access Control Policies for LDAP".


OpenLDAP for Fortune 20 Enterprises

HP decided to partner with Symas on OpenLDAP. We engineered as well as funded major contributions to OpenLDAP. On several occasions, we had the opportunity to put the facilitator model to the test. Would Symas be able to respond to urgent support calls? Would they be able to turn around quick patches to fix bugs? Would they be able to get those patches accepted by the OpenLDAP project? Would the OpenLDAP project embrace the overall work of HP and Symas, even though it meant significant change to the underlying codebase? The answer to each of these questions was a resounding yes, and our expectations for working in this model were fully validated.

Learn how to do this for your Enterprise.

For Enterprise grade OpenLDAP Support and consultancy, contact Suretec or Symas.

Hardware and Operating System Best Practices for OpenLDAP

Just a quick one to say our partners Symas have written a very nice piece about how to pick your base hardware and operating system for use with OpenLDAP in your Enterprise:

The key to this first factor is that OpenLDAP is the most efficient, most stable, and most suitable LDAP Directory Service technology for Enterprise production use. Installing it as a new service or an upgrade to an older technology will be the most cost-effective step assuming the capacity is available. In general, replacing an older Directory Technology will reduce the processor load by two to five times. It will also improve the stability of the server(s) making simplification of configurations tuned to frequent server outages possible. Symas OpenLDAP is available under inexpensive annual support subscriptions with no consideration for the number of CPUs in the server or the number of objects/entries in the Directory, too. So, our preference of platform, in general, is put OpenLDAP (Symas OpenLDAP) on what you’ve got!

Read the full article

LDAP Roundup

Some interesting reading in the LDAP Sector tonight that is worth noting:

- Excel LDAP Search 0.56

This is actually pretty cool. Does have one? Almost.

- Windows Server 2008 - Active Directory certified for the BC-LDAP-USR Directory Interface for User Management

I find this post funny, as SAP already say "SAP's directory interface lets you consolidate user data from SAP systems with data from directories that implement the Lightweight Directory Access Protocol (LDAP)."

Active Directory, implement LDAP? They don't even get it right with ADAM.

So why is it certified when any Directory Server will do?

- OpenLDAP Configuration Automation

Why is this interesting? Well it's already on an OpenLDAP TODO list.

- Six Questions on building Identity Enabled Applications...

Here are some quick answers, I'm sure others will have deeper replies:

- Protocols: Nowadays, the folks over at the Burton Group such as Bob Blakely, Dan Blum and Gerry Gebel have put together the most wonderful XACML interoperability events. The question that isn't addressed is if I am building an enterprise application from scratch, should I XACML-enabled, think about integrating with STS, stick to traditional LDAP invocation or something else?

I would ask what problem is the application addressing? What protocols are actually needed for it to provide a solution and what does the customer want?

Anyway, I'm not sure how industry wide XACML has been adopted (that's mainly due to my lack of exposure to it and doesn't imply that it's not), but LDAP isn't going anywhere.

- Virtual Directories: What role should a virtual directory play in an Identity metasystem? Should virtual directory be a standalone product in the new world and simply be a feature of an STS? If an enterprise were savage in consolidating all directory information into Active Directory, why would I still need virtualization?

Point by point: Virtual Directories help with data consolidation, that is their role. I think yes, standalone where it is needed. I don't think any enterprise should be that dumb.

- Entitlements: One missing component of the discussion is authorization and there is somewhat too much focus on identity. Consider the scenario where if you were to ask my boss if I am still an employee, he would say yes as he hasn't fired me yet. Likewise, if you ask him what are all of the wonderful things I can access within the enterprise, he would say that he has no freakin clue, but as soon as you figure it out, please let him know. Honestly, even in my role, there are probably things that I can do but shouldn't otherwise have access to. So, the question becomes how come the identity conversation hasn't talked about any constructs around attestation and authorization?

I think because it always comes down to what the application is trying to do and the fact that these applications tend to do it all internally. There's more discussion over at SAML and Federated Identity Part 2 - Identity Management

- Workflow: Have you ever attempted to leave a comment on Kim Cameron blog? You will be annoyed with the registration/workflow aspects. The question this raises in my mind is what identity standards should exist for workflow? There are merits in this scenario for integrating with the OASIS SPML standard, but I can equally see value in considering BPEL as well.

I think there are too many XXXL all seem similar BPEL and SPML. Trying to keep up with these let alone write applications that use them would be a nightmare.

- Education: Right now the conversation regarding identity is in the land of geeks and those who are motivated to read specifications. There is a crowd of folks who need things distilled, the readers digest version if you will. Traditionally, this role is served by industry analysts such as Gartner and Forrester. What would it take for these guys to get off their butts and start publishing more thoughtful information in this space?

Time, Money? Won't it still be the geeks that read them anyway? The people that make the decisions don't have time ;-)

- Conferences: When do folks think that the conversation about identity will occur at other than identity/security conferences? For example, wouldn't it have been wonderful if Billy Cripe, Craig Randall and Laurence Hart were all talking about the identity metasystem in context of ECM?

Sometimes it's hard to talk in the short time conferences last. What do you suggest? Maybe worth trying to get the ball rolling.

Spring 2008 - a UKUUG Conference Review

I got back last night, after a somewhat hectic flight (long story).

I really enjoyed the conference, my first time speaking at one, bit nervous, but it can only get better ;-)



Oracle Internet Directory and 2 Billion Entries?

I've just finished reading The 2 billion entry directory tree - The scalability of Oracle Internet Directory at very large Directory Information Tree sizes, and thought I'd blog some initial thoughts (I'm sure our partners Symas will have something to say later).

The following is from the 2 Billion User Benchmark (Oracle Internet Directory - Technical Whitepaper (PDF)) on the Oracle Internet Directory homepage.

So here's the Network kit they used:

Some pretty accessible kit there! ;-)

OpenLDAP King of the Hill - OpenLDAP Chief Architect Interview

Suretec saw a sneak peek before it was out, but we're glad to say it's unchanged and a cracker!

Have a read:

OpenLDAP is unmatched by any other directory service, proprietary or open source. Of all the others available, the proprietary ones are just hiding their dirty laundry and all of them are just a waste of time and money.

Want OpenLDAP for your Enterprise? Then contact the UK Leading OpenLDAP Experts.


In reply to "A common weakness in OpenLDAP"

This was posted in reply to our post "A Common Weakness in all Identity Management Products", but not OpenLDAP:

It is interesting to see how a thread on how identity provisioning tools and their lack of true interoperability with Active Directory gets twisted into a discussion on the merits of OpenLDAP. What is interesting is that the comparison is solely technical and doesn't provide any rationale related to how much it would cost to maintain OpenLDAP vs ADAM.

Hmmm, the Symas paper we referenced does indeed discuss the cost to maintain OpenLDAP on pages 6 and 7 of the paper.

You will also notice mention of one and only one Fortune enterprise that uses it as their primary directory service. Of course, the mentioned company is in the consulting business so this isn't surprising. Maybe the mention of a bank or retailer in the Fortune ranks is in order. I suspect the economics nor the customer base simply aren't there...

It's more to do with the fact both Suretec and Symas aren't allowed to say. Have a look at Key Relationships or again, contact either Suretec or Symas.

"A Common Weakness in all Identity Management Products", but not OpenLDAP

A few comments on A Common Weakness in all Identity Management Products:

Consider for a moment, how many Fortune enterprises have Active Directory in a production environment. Out of the Fortune 500, Sun is the only hold out. You would think that if Active Directory were so pervasively implemented that software vendors would want to deeply integrate with it, but nothing could be further from the truth.

I would disagree. OpenLDAP is right up there, in fact most enterprises don't use AD for true Directory requirements. Speak to Suretec and Symas for more information.

I would urge the author to read the ADAM vs. LDAP White Paper, an evaluation of Microsoft's ADAM to LDAP, written by our friends and partners Symas.