
Hi All,

The University of Chicago is undertaking a project to replace our present LDAP infrastructure (Oracle Directory Server Enterprise Edition v 11) with something not Oracle. The three leading candidates we have selected are:

OpenDJ by ForgeRock
OpenLDAP
Port 389 / RedHat DS

Would anybody who happens to already be running one of the above systems mind chiming in about their experiences (good and bad)? Also, if you would please let me know if you could go back in time, would you select the product you're presently running?

Thanks
Dave

--
David Langenberg
Identity & Access Management
The University of Chicago

Comments

Hi Dave,

We have been using OpenDJ since Oracle bought Sun and hiked our costs (to the moon) on the Sun DS. OpenDJ has been free, but they are moving to a license model for their "Enterprise" binaries. We will be ensuring we stay on the "Community" edition. That may require us to download the source and build it ourselves. Downloading the source and building proved to be fairly easy; we did it yesterday in an hour or so. I would suggest getting on the OpenDJ email list for the complete conversation.

OpenDJ has been very reliable, although we haven't successfully made replication work (we may not have really given it the old college try). We are working on that. It is also our password store for CAS and can support 3000 logins a minute. I also have a non-optimized Java program that easily reads 1000 person records a minute. We currently store 1.2 million LDAP records.

Hope this helps,
Bryan
we use 389. i have used it before at other institutions. multi-master replication works great. extremely reliable product. FREE! as for going back in time and using the same product? well, i did, so i would and i will. :-) /mrg
Edit to previous post. My Java program reads 1000 records a second. -Bryan
>We started out with the Sun product and subsequently moved to 389 DS (Port 389 above). Michael Gettes' pretty much states the reasons. We have
>replication between two masters and have two read-only consumers set up in a chain on update mode to the masters. This setup has been rock solid for
>us. Additionally we have a replication agreement to AD which synchronizes our passwords from LDAP to AD (we do not go the other way).

I have a question about the password sync. I was under the impression that in order for this to work the passwords need to be in plain text in LDAP. Is this true? I would love to replace our programmatic password sync process.

Thanks,
Bryan