iplanet directory server (iDS) v4 vs v5

From: Mark Femal (mark@beantree.com)
Date: 10/04/01

Date: Thu, 4 Oct 2001 14:58:15 -0500 (CDT)
From: Mark Femal <mark@beantree.com>
To: <focus-sun@securityfocus.com>
Subject: iplanet directory server (iDS) v4 vs v5
Message-ID: <Pine.GSO.4.33.0110041437390.14855-100000@plato>

Hi all,

I'm starting a fresh installation of Solaris 8 for a given environment and
I'm evaluating whether or not to use iPlanet Directory Server. I
noticed v4.13 came with my Solaris 8 package, but there were security
issues with that release (it is still shipping at least with version 7/01
which I just received last week!). So, my option is to either start
with 4.15 or go to version 5.0. All the docs I can find (some very good
BTW) from Sun and other sources (i.e. blueprints already mentioned on
this list) use 4.xx to explain how to setup LDAP with Solaris. Although
there is information on how to transition from 4.xx to 5.xx, I don't want
to install 4 and then go through the transition if I don't have to
because it seems that version 5 changed quite a few things as well so it
may take quite a bit of learning to do "comparable" steps from the old

Does anyone know of any good sources of information for version 5 for
setting it up under solaris? Anyone use iPlanet Directory Server in a
high-volume environment? Anyone have experience with both NIS+ and LDAP
to contrast the two especially on security? Having a "setup" script
out-of-the-box would be nice to ease the path into using LDAP/iDS (seems
it should be possible given LDIFs and other command-line tools).

One of the other things I'd like to see is more documentation on "fresh"
installs as opposed to migrating from NIS environments (plenty of info on
the latter, not much on the former).

Also, I look through release notes for iDS and see a lot of memory leaks
and other seemingly major issues being fixed and am concerned that
although LDAP may be the better directory in the long-term, the
short-term pains may not be worth it to keep up on versions and fixes.
Seems like NIS+ (which has its own respective fixes) may be just easier to
deal with due to its tighter integration with Solaris.

I am looking to run it in a Solaris only environment.

Thanks for any assistance or tips anyone may have.

-Mark Femal