openldap and FDS

Craig White craigwhite at azapple.com
Sat Mar 10 16:17:33 UTC 2007


On Sat, 2007-03-10 at 03:09 -0500, Ric Moore wrote:
> On Fri, 2007-03-09 at 08:16 -0700, Craig White wrote:
> > On Fri, 2007-03-09 at 03:12 -0500, Ric Moore wrote:
> 
> > > p/s   *** I'll be damned- *** 
> > > http://www.redhat.com/docs/manuals/dir-server/install/7.1/sn.prepare.decide.html
> > > ..says that the default setup files are in /opt! I AM taken aback. My
> > > head is hurting from reading this document. I'm really hoping for easy
> > > as described in the linux.com article. The RedHat.com article mentions
> > > "Enterprise RedHat Linux" (translated $$$$) so I'm looking for the
> > > Fedora Version (the cheap seats) 
> > ----
> > probably installs to /opt because of its Netscape roots - more of which
> > you will find when you look at the base configuration and certificate
> > generation which are clearly Netscape Directory Server pedigree.
> > 
> > Never say never...
> > 
> > Installing Fedora Directory Server is relatively easy but if you don't
> > understand how LDAP works and can't operate LDAP basic commands
> > (ldapadd/ldapmodify/ldapsearch) from the command line, you aren't likely
> > to get very far, whether it's OpenLDAP or Fedora-DS.
> 
> This was a piece of cake, without doing the command line stuff. I had a
> registered version of Netscape Server, that came with the old Caldera
> Distro, which set up like a dream. Apache still doesn't come close to
> the simplistic and intelligent design that Netscape put into their html
> server project. It had a well-designed gui that you could use to admin
> your site from anywhere. Click a couple of buttons, restart, it worked
> without a stack of documents to read for weeks. It's a damn wonder FDS
> is not installed by default. Ric
----
FDS isn't installed by default because there is simply no justification
for doing so. All of the applications/daemons that have ldap client
libraries compiled in as options (things like
postfix/sendmail/kontact/evolution/etc.) all use the client libraries
from OpenLDAP. FDS doesn't have any client libraries to offer and
OpenLDAP provides robust LDAPv3 client functionality. To see what I
mean, try 'rpm -e openldap' from a root command line to see just how
many packages depend upon the openldap client libraries and I assure you
that you will be surprised.

I recognize that technically, the FDS-Admin console application is a
client but it is a java client and of very limited functionality. Note,
I don't know if the java-compat packages that are part of FC-6 have
enough packages to run the FDS-Admin console application because
everywhere I have installed FDS, I have installed the Sun version of
Java.

As to your assertion of the importance of a well-designed gui for
administration of a web server or ldap server or whatever, I suppose you
realize that you can have a simple, consistent gui management
application called MMC on Windows but by saying that, it becomes obvious
that there is more than just the GUI. While Netscape's server products
languished under the fire sale management of AOL, the open source
community kept developing open source alternative software. You can get
much of the same functionality of the FDS-Admin console (if not more)
from things like phpldapadmin, gq, ldapadmin or webmin.

So instead of installing OpenLDAP-Server you can install FDS and the
choice is really up to the system administrator but neither is suitable
as a default install.

The point I was trying to make about needing to be versant with command
line functionality of LDAP was this...if you can't query/maintain LDAP
from the command line, you are never going to be able to debug/analyze
how other applications interact with your LDAP server since LDAP doesn't
operate in a vacuum. LDAP is only useful when you link in other
applications and if you don't understand how they do that, you are going
to get nowhere.

Craig



