[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference forty2::x500

Title:X.500 Directory Services
Notice:Sprt: FORTY2::X500_SUPPORT, Kits: 216.*, try dir/titl=OFFICIAL
Moderator:FORTY2::PULLEN
Created:Tue Jan 30 1990
Last Modified:Thu Jun 05 1997
Last Successful Update:Fri Jun 06 1997
Number of topics:1016
Total number of notes:4299

986.0. "Active Directory vs X.500 and LDAP compliance?" by TROOA::BROWN (RPC - Really Practical Computing) Sat Mar 15 1997 05:36

  Could someone please point me at more information on the differences
  between Microsoft's Active Directory and X.500 directory.  Is there
  a bridge between the two?  I gather AD is not LDAP compliant? Can a 
  client app use both somehow?  I don't profess to really understand the
  issue but my customer raised it as a problem he is wrestling with a
  and would like so advice from DIGITAL on it.
  
  thanks,
  -ian
T.RTitleUserPersonal
Name
DateLines
986.1you can only compare capabilitiesAIMTEC::ZANIEWSKI_DTaking bids on Andrew's Alphatraz cellMon Mar 17 1997 16:2610
        Active Directory is Microsoft's "roll your own" attempt to become 
        a defacto standard, and is compliant to nothing in the
        multi-verse.  X.500 is written to conform to international 
        standards.
        
        If you explore the MSG_SOLUTIONS conference, there is mention of
        ways to synchronize.  I don't believe I've seen a mention of any
        bridge.
        
        Dave Zaniewski
986.2Active Directory is based on LDAPTUXEDO::STRUTTColin StruttWed Mar 19 1997 19:349
    .0> I gather AD is not LDAP compliant? 
    
    That's not my understanding. Based on attending the Active Directory
    workshop at Microsoft last month, it's clear that Active Directory *is*
    based on LDAP.
    
    What makes you think that it is not?
    
    colin
986.3"based on" is not equal to "complaint"AIMTEC::ZANIEWSKI_DTaking bids on Andrew's Alphatraz cellWed Mar 19 1997 21:484
        Microsoft also says it's based on X.500, but it's not X.500
        compliant.  
        
        Dave Zaniewski
986.4X.500 vs AD and then What?NQOS01::rdodial_port13.32.81.16.in-addr.arpa::ATKINSatkinss@mail.dec.comThu Mar 20 1997 00:2511
What are the real differences other than "Standards"?  I've pointed LDAP 
clients at the Exchange 5.0 LDAP service with some good success. If they make 
AD extensible what will they be missing on the function level. 

Are we (Digital) going to have a X.500 "Standard" directory running on NT in 
the near future. For customers who are buying into NT but not Digital UNIX 
what do we tell them for a Directory service? UNIX? And if the already have 
lots of AIX UNIX do we have any thing to tell them?

Thanks,
Steve
986.5a-107.tunnel.crl.dec.com::FORTY2::PALKAAndrew Palka Altavista DirectoryThu Mar 20 1997 12:0613
The current AltaVista Directory product has all the code needed
for DAP, DSP, DISP and DOP protocols from the original X.500
product (RFC1006 only - no OSI transport). There is just no way
to manage it, as NT does not support ncl. (You can try using DAP
to access the directory - It's not supported but if you get any
problems let us know).

The next version of AltaVista Directory should have additional
management tools to enable some of this stuff to work, though we
haven't got enough bits working to support everything you might
want to do.

Andrew
986.6Could this work? NQOS01::rdodial_port13.32.81.16.in-addr.arpa::ATKINSatkinss@mail.dec.comFri Mar 21 1997 19:3622
Could I used AltaVista Directory for the following solutions.

    --------------               ------------------
    | PRODUCTION  |              |   Future        |
    | Over worked |              | AltaVista X.500 |
    |   CDC       |<---DSP------>|   NT Server     |<----DSP--Future Business
    | X.500 Dir   |              |Replicationof CDC|               Partner
    | Sun Unix    |              |-----------------|
    |-------------|                       |
          ^                               |How do you sync this?
          |                               |
          |                               v
      Current Business           |-----------------|
         Partner                 |  Exchange Org   |
           Link                  |     NT Server   |
                                 |-----------------|

The customer want's standards based X.500 running on NT. Not X.500 Like and we 
can't wait for Active Directory.

Thanks,
Steve
986.7FORTY2::TATHAMNick Tatham @REOMon Mar 24 1997 11:356
We do note support DSP links in or out of AltaVista Directory. So no, this
configuration cannot be used.

Nick

986.8X.500 with CDC X.500NQOS01::16.81.32.134::ATKINSatkinss@mail.dec.comMon Mar 24 1997 18:2219
Then would this work?

    --------------               ------------------
    | PRODUCTION  |              |   Future        |
    | Over worked |              | Digital   X.500 |
    |   CDC       |<---DSP------>|   Digital UNIX  |<----DSP--Future Business
    | X.500 Dir   |              |Replicationof CDC|               Partner
    | Sun Unix    |              |-----------------|
    |-------------|                       |
          ^                               |XDSU To synchronize
          |                               |
          |                               v
      Current Business           |-----------------|
         Partner                 |  Exchange Org   |
           Link                  |     NT Server   |
                                 |-----------------|

Thanks,
Steve
986.9a-115.tunnel.crl.dec.com::FORTY2::PALKAAndrew Palka Altavista DirectoryTue Mar 25 1997 12:0712
In principle .8 works with the current product.

However, if you want to make the Digital DSA get replicated data
from the CDC DSA using the DISP protocol then you might have
problems. CDC do not support the DOP protocol, which is used to
set up replication agreements. So replication would have to be
configured manually, and we dont have any documentation to tell you
how to do this. There may well be other interoperability problems
with replication as well (though we have done some testing with CDC,
so it should be possible).

Andrew