[SASAG] OS X and Open Directory versus Windows and Active Directory

Jim Hogan jim.hogan at gmail.com
Sun May 13 15:58:43 PDT 2007

I did not immediately reply to your email, as it seems like you are in
a no-win situation:

"Our IT executive has decided to convert ...(snip)... It's his goal to
'develop a consensus among the IT department'".

Nothing like developing a consensus *after* you have made the decision :)

On 5/13/07, Berry Sizemore <berry.sizemore at gmail.com> wrote:
> Allow me to clarify:  we are operating AD for a pool of Windows based
> developers ...(snip)....
> He [the IT executive] has asked the goofy question,

Ah, so "Berry Sizemore" is your Nom du List, eh?  I will take note of that.

> "If you could build from the ground up,  which would you choose?"

I would hope that your IT executive (probably not reading this
list?!?) would have some notion that y'all should start with a clear
notion of your business requirements and work back from that.  That
being said, if I were charged with a "from the ground up" decision, I
would want to try to make sure that my client or employer avoided
so-called "lock-in", *especially* if, as you suggest, there are
business reasons to maintain a multi-OS client platform (Windows and
Macs, say).

> as if we could ignore the current reality.  The fact that
> he posed such a worthless question and answered it with "because it's
> mainstream",

There *are* legitimate, pragmatic reasons to choose things because
they are prevalent, but I am going to guess that this isn't one of
those cases.  Boy am I glad that your boss probably isn't smart enough
to subscribe to this newsgroup!  "Worthless"  Whew!

> I am at a loss on how to argue for preserving the current state
> of our shop, especially since I am not an expert at this and there is an
> obvious agenda to change to Windows.  He hasn't justified it to me.

In my head, I maintain a fictional, somewhat ideal company -- I call
it "Jim's Fish Company" -- where I am sole proprietor and
benevolent dictator.  At JFC, there is no platform diversity --
everybody uses what Jim says.  If some of my 100 imaginary staff
complain that our platform isn't perfect, I kindly recommend that they
find a way to be happy within the context that "Uncle Jim" has laid

So, I can see somebody having an "obvious agenda" to change something
this way or that.  Diversity has its costs. But it doesn't sound like
your "goofy" boss' agenda has gotten that much thought.

> To answer his question:  I would choose Redhat.  Both Apple and Microsoft
> have a pile of features beyond what LDAP provides.  I like the idea of OD on
> Apple's hardware, but I don't like that I cannot create a virtual guest of
> OS X.  I'm not convinced that the extra features of AD get us anything in
> the marketplace, which surely is my executive's unspoken argument.  He can't
> possibly justify spending money to our CEO with "it's mainstream".

Stranger things have happened.  I am reminded of several court
decisions (Bendectin cases come to mind) where the rulings essentially
flew in the face of all scientific evidence.  So, I would prepare
yourself for a possible "mainstream" mandate.

> I can't find performance data on AD, OD or anything else.  Does this whole
> thing really boil down to such reduced opinions like "ease of use" versus
> "more mainstream"?

With a business consisting of 50 people/computers, I have a hard time
seeing performance entering into the calculation.  Do you hope to grow
by a factor of 10 or 20?

With a mix of Windows, Mac and Linux clients, I recently implemented
Fedora Directory Service LDAP.  Versus OpenLDAP, it was a coin toss.
OpenLDAP's configuration (in *.conf files) was a bit more transparent
where FDS' config was more wrapped up in its own LDAP/database
structures.  I like text files :)  On the other hand, FDS had some nice
built-in facilities for management and for user self-service.  I
actually use phpLDAPAdmin for most day-to-day management.

For better or worse, LDAP seems like a potential bottomless pit.  I
recently spent a couple of days making our FDS LDAP service *look*
like a Sun iPlanet server all to benefit an unimaginative EMC NAS that
wants to think that it is a Solaris box.  Ugh.  But at least FDS was
kind enough to play along.  Would AD be so understanding?

While Windows computers constitute at least half of our client
computers, I can't imagine choosing AD (or even Apple's LDAP) to
provide core identity/auth services in our environment.  Unless, of
course, I wanted to wash down the blue pill with some grape KoolAid.

But some folks love KoolAid.


> Thanks,
> Berry
> On 5/11/07, Berry Sizemore <berry.sizemore at gmail.com> wrote:
> > Greetings,
> >
> > I recently accepted a position with an application development company
> fifty people large.  It's a very stimulating environment thus far.  We have
> Sun/Solaris, OS X on Apple, virtualized Linux and Windows Server 2000/2003.
> The projects are varied, and includes web and non-web applications.  Our IT
> executive has decided to convert the company from OS X's implementation of
> Open Directory (OD) to Windows Active Directory (AD) because in his words
> "It's more mainstream."  He asked the question, "If you could build from the
> ground up, what would you choose?"  He has given us a week to provide "a
> compelling reason" not to.  It's his goal to "develop a consensus among the
> IT department".
> >
> > I do not have great depth in my AD knowledge, so am unable to provide a
> very good competitive analysis.  I'm pretty light on my OD knowledge too.
> Since OD is working very well at this time, I instinctively do not wish to
> change it.  We also have an AD implementation that works just fine as well.
> This is the result of a recent merger.  One main goal is to implement
> Sharepoint.  I feel integrating the two is the best way to go.  We've
> already discussed our feelings, and now it's time to show an analysis which
> favors OD or OD/AD integration, which compels my manager to not go retool
> everything to AD.
> >
> > I'm very interested in looking at TCO, pro/con and benefits comparison
> analyses, or any other documentation that clarifies why I would stay with OD
> or choose to integrate AD.
> >
> > If you find the time to respond, it would be most appreciated.
> >
> > Thank you,
> > Berry Sizemore
> >

-*-  Jim Hogan
     Seattle, WA
