Notes from Abroad - Symas Blog

Last week was pretty busy for me ; I was not only presenting a talk at the UKUUG conference in London but also a set of talks with Linagora in Paris. Of course, we at Symas are always happy to talk about OpenLDAP and I enjoy the opportunity to meet with users face to face. Visiting such picturesque cities as London and Paris is also a plus.

A number of the Linagora people have been working with the OpenLDAP community recently, and it was nice to get an opportunity to meet the people behind the email addresses. Even nicer to hear that we’ve helped them resolve the problems they were facing, and they’re moving forward with happier results all around. The first talk on Monday night was a public session where I summarized the current state of OpenLDAP 2.4. As with any new piece of code, things don’t always work the way we envisioned and the Linagora team submitted a number of bug reports that led to OpenLDAP 2.4’s rapid maturation and stabilization, surfacing use cases we had overlooked or hadn’t intended. So it’s particularly rewarding to get to talk about how far we’ve come with this release, surrounded by some of the people that made the progress possible. There was also a private followon talk with some of Linagora’s customers in France, where we got to share some more success stories. All in all a very uplifting couple of days.

In between these scheduled events I also had time to catch up with Alex Karasulu and Emmanuel Lecharny of the ApacheDS project. We’ve been cooking up a number of initiatives for ApacheDS and OpenLDAP to collaborate on new LDAP development, and there’ll be more on this later. Most recently they’ve been implementing the RFC4533 Sync Replication protocol, which was pioneered by OpenLDAP. LDAP is all about interoperability and open standards, and we’re proving that it’s real, not just empty talk.

The trip to Paris was all too short, only a couple of days before I had to get back to London. Good food in good company is one of life’s more basic pleasures, and there’s no shortage of either in France. Hopefully next time will be a longer visit.

The UKUUG conference had at least 4 directory-centric presentations, so that kept things interesting. The first talk was from Centrify, about using Microsoft ActiveDirectory as the central service for a heterogeneous network. Much as I think AD is a poorly implemented pile of cxxxode, to their credit, they have certainly made Kerberos and LDAP more ubiquitous than MIT, UMich/Netscape, or the OSF ever did. And you gotta admire the guts of a guy who can stand in front of a UKUUG audience and say “AD is scalable” with a straight face.

I also liked Andrew Findlay’s Access Control presentation ; it’s refreshing to see examples of a basic access control rule implemented in other vendors’ systems. It’s also insightful of Andrew to remark that OpenLDAP’s ACLs are written like programs - that’s the idea, and of course the point is to make them algorithmic rather than heuristic. (Remember, algorithms have defined start and end points, heuristics work “most of the time” but are actually indeterminate. When you set access controls, you want to know that it will control what you meant it to control, exactly ; you don’t want uncertainties in evaluation like in other vendors’ approaches.)

The 2nd day of the conference opened with a talk on OpenLDAP Replication Strategies by Gavin Henry (OpenLDAP’s Documentation lead, and also our partner at Suretec), followed by my presentation of OpenLDAP’s new back-ndb backend. Suffice to say, anyone who hasn’t been keeping up with developments in OpenLDAP syncrepl replication was in for a lot of new information and new possibilities. It was nice to have a dedicated conference session to OpenLDAP here ; reminds me that we should be planning for a new LDAPCon Real Soon Now.

In between the conference and heading off for a contra dance I also met up with the folks from Sirius IT for a spot of lunch. Like the Linagora folks, they’d been working through some problems in OpenLDAP that we resolved recently (this time over IRC, IIRC) and again, this was an opportunity to put faces to nicknames.

Open Source in Europe really has a great following, highly visible ; it seems to be moreso than here in the US. At least that’s the outward impression, and there are a lot of folks being paid by the proprietary folks to keep things that way. Of course we know that in reality there are a lot of companies adopting open source who are forbidden from talking about it, here and abroad. I look forward to the day when Open Source is discussed Openly in enterprises, and that other closed-source stuff is the dirty word…

www.symas.com/blog/