Jorge Castro: On Active Directory…

Ted Haeger shows off some of the kickass Active Directory integration that Novell has been putting into SLED/SLES. Kudos for doing all the work upstream. I am typically a Linux guy, but a migration this summer forced me to learn Windows Active Directory, and Windows Server. I've learned a lot, so I wanted to let you guys know where we are, and what we can do to compete.

All our work Ubuntu servers and desktops are “Active Directory integrated”. They show up in the Management Console and everything. Granted you can't do things to them like you can with normal Windows machines (i.e. set policies or deploy software), but it's a start. As a side bonus you get things like Kerberos authentication, which means I can ssh from host to host passwordless, and I can browse samba shares right from GNOME without inputting my password too. I get my Kerberos ticket in the morning when I log in and I'm set for the day as I move around from machine to machine. That's some hot action.

Some things I wanted to ask and comment about:

  • I wonder how Novell gets offline authentication right. We've tried using nscd and that just sucks. Did they fix it or come up with their own solution?
  • It would be cool if someone were to map AD policies to gconf. So when an admin forces a wallpaper or something via the MMC, the Linux machines obey also.
  • Make sure you scroll down when reading Ted's blog, there's some good discussion there.
  • On a more depressing note, as much work as is going into this kind of compatibility work, it still kind of sucks that there is not an open source way to manage large amounts of clients like you can with Active Directory and eDirectory.
  • I will be discussing this kind of integration at the Ohio Linux Fest in a few weeks. If you dug Ted's blog post about the AD integration then you should try to come, we have lots to discuss… oh, and Ted will be there too.
  • On an unfriendly note, there's nothing shittier than spending a summer working on getting all this to work, and getting flamed by so-called Linux enthusiasts for “selling out to Microsoft.” Let me be the first to tell you graybeards to get bent. A full 90 degrees too.
  • I recently brainstormed with Corey on competing with Active Directory. I was debating speccing out an “Active Directory Killer” for UDS Mountain View. What do you guys think? Federico's survey results prove that GNOME is being deployed in large numbers, is now not the time to architect an Active Directory killer? Of course I am at the mercy of the amount of finite resources that other people can contribute, so my idea is to at least be able to spec what admins want. If you want to help with this, mail me, so that we can show up to Mountain View prepared. The least we can do is spec something out in detail so that someday someone can make it happen.
  • And shit, why not ask? Novell, please open source eDirectory. (Go to 5 blades)

1000 bonus points to the first person to respond “Use OpenLDAP instead of Active Directory”. Please leave your address too, so I may slay you. 🙂   [Planet Ubuntu]

