Today Red Hat is pleased to announce the creation of the Fedora Directory Server
project. Our vision is simple: to build a free software
project around the directory server technology that Red Hat
acquired from AOL late last year. This software is pretty
amazing. It's been the technology backstop for some huge
installations that had redundancy and reliability requirements
that are rarely found in the real world and it has proven that it
is up to the task. It's fast, it's reliable, it's enterprise
class, and now it's free software.
It's our hope that through this software release we'll not only be
laying down the first layer for free software-based identity
management solutions, but also creating a competitive advantage
for all free software projects because they will be able to
integrate with this excellent piece of software. This project
represents a huge opportunity for everyone in the free software
world and we're happy to have the chance to make that possible.
The term "identity management" is thrown around a lot in the
industry and press these days. We define it as the secure control
of user information and access rights across multiple business
contexts - in short - ensuring that the right users get access to
the right systems, data, and applications quickly and securely.
You can't do that without a centralized service, and in the free
software world we envision this as the place to store that
information. This technology competes with the larger directory
servers out there - Microsoft's Active Directory, Sun's and
Novell's Directory Server technology. In and of itself, this
software does not represent all of the technology that's required
to compete in the identity management space but it is arguably the
most important piece.
We have some pretty clear objectives with this project. We want
to make regular releases of the software that work in the real
world and get testing. We want to draw developers into the
project, make them stakeholders and full contributors. They need
to feel that they are equals. In this sense, we will be
community-based open source. Red Hat may be starting this
project, but we hope that we will be able to bring in a large
amount of non-Red Hat participation as well. We believe that this
is an important key to its long term success. And not just as
part of Red Hat's software subscription offerings, but also as the
starting point for identity management solutions.
One of our larger technical objectives - as I've said - is to
integrate with as much software as possible. This means that when
possible we're a configuration store for every application on a
system. Every user pref. Every service on your machine can store
its configuration in one of these servers. Have you ever had the
vision of dropping a machine on a network and having it come up,
self-install, and just start working? We'd like to see it too
because it offers a compelling cost of ownership argument that we
think free software is in a unique position to provide. But it
requires participation from the larger software development
community. This means you and your project. We need to start
working more closely together if we're going to make it to the
next level of integration required to compete. At Red Hat we
think that this is an important technology that is an enabler of
that kind of group participation. We hope that it will be.
If we're talking about where we want to be down the road, we
should talk about where we are today. Our strengths include
excellent client side tools. There's the LDAP SDK that's been
part of the Mozilla project for years and has been lovingly
maintained. We've got Java
bindings for the SDK. And we've also got the widely deployed
LDAP client libraries that have been part of OpenLDAP. Lots of
different projects out there already use the OpenLDAP libraries to
connect to LDAP servers.
The server itself is in really good shape. It's got password-sync
with NT Active Directory Servers, Multi-Master replication,
replication over relatively slow WAN connections, reliability you
can depend on, amazing scalability and it even sports excellent
performance.
On the weakness side, we've got some work to do in the short term.
There are a lot of smaller problems - annoyances, really. It's
really hard to
build the directory server. Unlike most free software
projects we have yet to move to using autotools throughout the
build. This is mostly a result of history. In the closed source
world there is little difference between making a build and making
a release. So the current scripts do both. It's also the
Netscape heritage poking through. The build is largely built on
coreconf, which many readers will remember as the config and build
system that was used as part of the original Mozilla software
release.
In the past, installation of the directory server was done
interactively. On most Linux distributions it's assumed that you
will always be able to do a non-interactive installation of the
software and get something that works out of the box, even
if it's not completely configured. Right now our installation
instructions reflect the fact that we're not very good at
that. We need to make improvements to fit into the model that
most free software hackers and users expect.
One of our larger problems will revolve around the set of decent
Java-based utilities that we have for managing the directory
server. These components are not yet open source. If you
download the binaries
that we have available on our pages you will discover that they
include the free software directory server and these
administration utilities. They make administering the directory
server much easier. And it's our intention to open source them as
soon as it's possible. But this begs the larger question: what do
we want to do with these administration utilities over the long
term? They don't work very well on the free software Java stack
and depending on the very proprietary Java VM from Sun/IBM/others
is not a very attractive option in the free software world. So
our challenge is to build a long term strategy that continues with
the legacy of these good admin utilities but allows us to build and
run on free software. It also might be as simple as porting these
utilities over to a free Java software stack, but we haven't spent
time on that yet. It's our intention to do so.
We're left with a monumental challenge -- one that we see as being
the challenge of the entire free software community. How do we
start to find those integration points with the rest of the free
software world and help to deliver a compelling and well-supported
identity-driven software solution? We know we can't do it
entirely on our own. As an example, think about the fact that if
Samba 4 were combined with a
Kerberos implementation and backed by this directory server we
would have a high-quality, high performance, interoperable Active
Directory / Novell Netware replacement. We have most of the hard
pieces required to make this happen; I think that for the most
part the problems to bring about something like this would be more
political than technical. Bringing together these disparate
communities is the challenge.
The same could be said of the desktop. Using the GNOME desktop as
an example, how do we move forward to think about the desktop as
part of an identity-driven network client? How do we start
building a technical architecture that allows that kind of
transparency? I think it's possible, but it requires a large
amount of community participation. Mindset is as important here
as anything else. Integration needs to be our one true creed.
We hope that by releasing the directory server as free software
we're able to start the community down the right path. We hope
that you'll help and join us.