Posted to fortress@directory.apache.org by Jan Sindberg <js...@autorola.com> on 2015/11/11 14:52:03 UTC

LDIF compatibility - Fortress Schema - OpenLDAP, ApacheDS - others?

In fortress-core/ldap/schema there looks to be separate files for ApacheDS, OpenLDAP and mavibot. Does that mean that we can't start with, for instance ApacheDS, then export as LDIF and import in another random DS? Or is there another good reason to have different schemas for each DS?
In theory Apache Fortress could be compatible with any DS which supports LDAPv3. Will it require a custom schema to use MS Active Directory or other offerings?
I was hoping a bit to find a managed DS at AWS (they don't currently seem to have one which is open to LDAPv3) so that we could pay minimal attention to load-balancing, backup, etc. (not that I am responsible for Operations, but it does make it easier to sell the idea of using Fortress - or maybe I just know too little about ApacheDS and OpenLDAP operations and best practices)

Re: LDIF compatibility - Fortress Schema - OpenLDAP, ApacheDS - others?

Posted by Shawn McKinney <sm...@apache.org>.
> On Nov 11, 2015, at 7:52 AM, Jan Sindberg <js...@autorola.com> wrote:
> 
> In fortress-core/ldap/schema there looks to be separate files for ApacheDS, OpenLDAP and mavibot. Does that mean that we can't start with, for instance ApacheDS, then export as LDIF and import in another random DS? Or is there another good reason to have different schemas for each DS?

LDAP schema syntax is not consistent across directories, which is the reason we have fortress.schema for OpenLDAP, and the apacheds.ldif for Apache Directory schema. The ldif for Mavibot is not schema, it is configuration metadata to enable Mavibot for Apache Directory. Mavibot is the new backend for Apache Directory but it is still experimental, which is why we don’t enable it by default.

So you can certainly export the data using LDIF from one directory, e.g. OpenLDAP, and import it into another directory, e.g. Apache Directory (or any other).

But you can’t do this with schema metadata. Each directory implementation has its own syntax.

> 
> On Nov 11, 2015, at 7:52 AM, Jan Sindberg <js...@autorola.com> wrote:
> 
> In theory Apache Fortress could be compatible with any DS which supports LDAPv3. Will it require a custom schema to use MS Active Directory or other offerings?

Apache Fortress is LDAPv3 compliant so will work with any v3 compliant directory - including Active Directory. There would be work to get the schema converted over to the new implementation, however. The good news is once the schema has been converted and set in the new directory, one could run the Fortress JUnit tests, and if they pass you’re ready for production.

> 
> On Nov 11, 2015, at 7:52 AM, Jan Sindberg <js...@autorola.com> wrote:
> 
> In fortress-core/ldap/schema there looks to be separate files for ApacheDS, OpenLDAP and mavibot. Does that mean that we can't start with, for instance ApacheDS, then export as LDIF and import in another random DS? Or is there another good reason to have different schemas for each DS?
> In theory Apache Fortress could be compatible with any DS which supports LDAPv3. Will it require a custom schema to use MS Active Directory or other offerings?
> I was hoping a bit to find a managed DS at AWS (they don't currently seem to have one which is open to LDAPv3) so that we could pay minimal attention to load-balancing, backup, etc. (not that I am responsible for Operations, but it does make it easier to sell the idea of using Fortress - or maybe I just know too little about ApacheDS and OpenLDAP operations and best practices)

There is some work going on to make Samba 4 an Active Directory replacement for AWS deployments. That is still ongoing and probably some number of months from being ready. I can put you in touch with that team if you’re interested in learning more.

Shawn
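
The schema-syntax difference described in the reply above, as an added example that is not part of the original thread or of Fortress: a small converter from one attribute type in OpenLDAP `.schema` syntax to an ApacheDS meta-schema LDIF entry. The attribute name, the OID and the `schema_cn` value are constructed placeholders, and only attribute types (not object classes) are handled.

```python
import re

# Constructed OpenLDAP .schema sample; name and OID are placeholders, not from fortress.schema.
OPENLDAP_DEF = """attributetype ( 1.3.6.1.4.1.99999.1.1
    NAME ( 'exConstraint' 'exCons' )
    DESC 'Example constraint (constructed)'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
    SINGLE-VALUE )"""

TOKEN = re.compile(r"'([^']*)'|[()]|[^\s()']+")
VALUED = {"DESC": "m-description", "SUP": "m-supAttributeType", "EQUALITY": "m-equality",
          "ORDERING": "m-ordering", "SUBSTR": "m-substr", "SYNTAX": "m-syntax"}

def parse_attributetype(text):
    """Parse one RFC 4512 attribute type definition into a dict."""
    toks = [m.group(1) if m.group(1) is not None else m.group(0)
            for m in TOKEN.finditer(text)]
    toks = toks[1:] if toks[0].lower() == "attributetype" else toks
    if toks[0] != "(" or toks[-1] != ")":
        raise ValueError("expected a parenthesised definition")
    at, i = {"oid": toks[1], "NAME": [], "SINGLE-VALUE": False}, 2
    while i < len(toks) - 1:
        key = toks[i].upper()
        if key == "NAME" and toks[i + 1] == "(":    # parenthesised alias list
            end = toks.index(")", i)
            at["NAME"], i = toks[i + 2:end], end + 1
        elif key == "NAME":                         # single quoted name
            at["NAME"], i = [toks[i + 1]], i + 2
        elif key == "SINGLE-VALUE":
            at[key], i = True, i + 1
        elif key in VALUED:
            at[key], i = toks[i + 1], i + 2
        else:                                       # fail closed on unknown keywords
            raise ValueError("unsupported keyword: " + toks[i])
    return at

def to_apacheds_ldif(at, schema_cn):
    """Render the parsed definition as an ApacheDS meta-schema LDIF entry."""
    out = [f"dn: m-oid={at['oid']},ou=attributeTypes,cn={schema_cn},ou=schema",
           "objectClass: metaAttributeType", "objectClass: metaTop",
           "objectClass: top", f"m-oid: {at['oid']}"]
    out += [f"m-name: {n}" for n in at["NAME"]]
    for key, attr in VALUED.items():
        if key in at:
            # Only SYNTAX may carry a {length} bound; ApacheDS stores it separately.
            value, _, length = at[key].partition("{") if key == "SYNTAX" else (at[key], "", "")
            out.append(f"{attr}: {value}")
            out += [f"m-length: {length[:-1]}"] if length else []
    out += ["m-singleValue: TRUE"] if at["SINGLE-VALUE"] else []
    return "\n".join(out) + "\n"
```

The parser rejects keywords it does not map, so a definition using something it cannot translate stops the conversion instead of being silently dropped from the target schema.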