[SASAG] OS X and Open Directory versus Windows and Active Directory

Berry Sizemore berry.sizemore at gmail.com
Sun May 13 17:39:06 PDT 2007


For the record, and in case my boss is reading this list, I referred to the
question as goofy, not my boss.  He seems a decent sort, and I suspect this
may be an academic exercise, but because I'm so new I have no way to know.

Thanks,
Berry

On 5/13/07, Jim Hogan <jim.hogan at gmail.com> wrote:
>
> I did not immediately reply to your email, as it seems like you are in
> a no-win situation:
>
> "Our IT executive has decided to convert ...(snip)... It's his goal to
> 'develop a consensus among the IT department'".
>
> Nothing like developing a consensus *after* you have made the decision :)
>
>
> On 5/13/07, Berry Sizemore <berry.sizemore at gmail.com> wrote:
> > Allow me to clarify:  we are operating AD for a pool of Windows based
> > developers ...(snip)....
> >
> > He [the IT executive] has asked the goofy question,
>
> Ah, so "Berry Sizemore" is your Nom du List, eh?  I will take note of
> that.
>
> > "If you could build from the ground up,  which would you choose?"
>
> I would hope that your IT executive (probably not reading this
> list?!?) would have some notion that y'all should start with a clear
> notion of your business requirements and work back from that.  That
> being said, if I were charged with a "from the ground up" decision, I
> would want to try to make sure that my client or employer avoided
> so-called "lock-in", *especially* if, as you suggest, there are
> business reasons to maintain a multi-OS client platform (Windows and
> Macs, say).
>
> > as if we could ignore the current reality.  The fact that
> > he posed such a worthless question and answered it with "because it's
> > mainstream",
>
> There *are* legitimate, pragmatic reasons to choose things because
> they are prevalent, but I am going to guess that this isn't one of
> those cases.  Boy am I glad that your boss probably isn't smart enough
> to subscribe to this newsgroup!  "Worthless"  Whew!
>
> > I am at a loss on how to argue for preserving the current state
> > of our shop, especially since I am not an expert at this and there is an
> > obvious agenda to change to Windows.  He hasn't justified it to me.
>
> In my head, I maintain a fictional, somewhat ideal company -- I call
> it "Jim's Fish Company" -- where I am sole proprietor and
> benevolent dictator.  At JFC, there is no platform diversity --
> everybody uses what Jim says.  If some of my 100 imaginary staff
> complain that our platform isn't perfect, I kindly recommend that they
> find a way to be happy within the context that "Uncle Jim" has laid
> down.
>
> So, I can see somebody having an "obvious agenda" to change something
> this way or that.  Diversity has its costs. But it doesn't sound like
> your "goofy" boss' agenda has gotten that much thought.
>
> > To answer his question:  I would choose Redhat.  Both Apple and Microsoft
> > have a pile of features beyond what LDAP provides.  I like the idea of OD on
> > Apple's hardware, but I don't like that I cannot create a virtual guest of
> > OS X.  I'm not convinced that the extra features of AD get us anything in
> > the marketplace, which surely is my executive's unspoken argument.  He can't
> > possibly justify spending money to our CEO with "it's mainstream".
>
> Stranger things have happened.  I am reminded of several court
> decisions (Bendectin cases come to mind) where the rulings essentially
> flew in the face of all scientific evidence.  So, I would prepare
> yourself for a possible "mainstream" mandate.
>
> > I can't find performance data on AD, OD or anything else.  Does this whole
> > thing really boil down to such reduced opinions like "ease of use" versus
> > "more mainstream"?
>
> With a business consisting of 50 people/computers, I have a hard time
> seeing performance entering into the calculation.  Do you hope to grow
> by a factor of 10 or 20?
>
> With a mix of Windows, Mac and Linux clients, I recently implemented
> Fedora Directory Service LDAP.  Versus OpenLDAP, it was a coin toss.
> OpenLDAP's configuration (in *.conf files) was a bit more transparent
> where FDS' config was more wrapped up in its own LDAP/database
> structures.  I like text files :)  On the other hand, FDS had some nice
> built-in facilities for management and for user self-service.  I
> actually use phpLDAPAdmin for most day-to-day management.
>
> For better or worse, LDAP seems like a potential bottomless pit.  I
> recently spent a couple of days making our FDS LDAP service *look*
> like a Sun iPlanet server all to benefit an unimaginative EMC NAS that
> wants to think that it is a Solaris box.  Ugh.  But at least FDS was
> kind enough to play along.  Would AD be so understanding?
>
> While Windows computers constitute at least half of our client
> computers, I can't imagine choosing AD (or even Apple's LDAP) to
> provide core identity/auth services in our environment.  Unless, of
> course, I wanted to wash down the blue pill with some grape KoolAid.
>
> But some folks love KoolAid.
>
> Jim
>
> >
> > Thanks,
> > Berry
> >
> > On 5/11/07, Berry Sizemore <berry.sizemore at gmail.com> wrote:
> > > Greetings,
> > >
> > > I recently accepted a position with an application development company
> > > fifty people large.  It's a very stimulating environment thus far.  We have
> > > Sun/Solaris, OS X on Apple, virtualized Linux and Windows Server 2000/2003.
> > > The projects are varied, and include web and non-web applications.  Our IT
> > > executive has decided to convert the company from OS X's implementation of
> > > Open Directory (OD) to Windows Active Directory (AD) because in his words
> > > "It's more mainstream."  He asked the question, "If you could build from the
> > > ground up, what would you choose?"  He has given us a week to provide "a
> > > compelling reason" not to.  It's his goal to "develop a consensus among the
> > > IT department".
> > >
> > > I do not have great depth in my AD knowledge, so am unable to provide a
> > > very good competitive analysis.  I'm pretty light on my OD knowledge too.
> > > Since OD is working very well at this time, I instinctively do not wish to
> > > change it.  We also have an AD implementation that works just fine as well.
> > > This is the result of a recent merger.  One main goal is to implement
> > > Sharepoint.  I feel integrating the two is the best way to go.  We've
> > > already discussed our feelings, and now it's time to show an analysis which
> > > favors OD or OD/AD integration, which compels my manager to not go retool
> > > everything to AD.
> > >
> > > I'm very interested in looking at TCO, pro/con and benefits comparison
> > > analyses, or any other documentation that clarifies why I would stay with OD
> > > or choose to integrate AD.
> > >
> > > If you find the time to respond, it would be most appreciated.
> > >
> > > Thank you,
> > > Berry Sizemore
> > >
> >
> >
> > _______________________________________________
> > Members mailing list
> > Members at lists.sasag.org
> > http://lists.sasag.org/mailman/listinfo/members
> >
>
>
> --
> -*-  Jim Hogan
>      Seattle, WA
>