Migrate in 4 Easy Steps
Review Existing Install
Our experts carefully analyze your existing LDAP directory system and suggest any improvements that might improve its performance, availability, and resilience. The directory contents are closely examined for schema compliance and corrected if necessary. The resulting cleaned-up data is then loaded into the new system and checked for integrity.
Analyze Access Controls
The directory’s access controls are analyzed and translated to OpenLDAP format. We determine the intent of the access control model so that it can be correctly translated. We thoroughly test to ensure the data is securely stored and accessible only to those identities with appropriate privileges.
Test & Deploy
Then, when your Directory is ready for production, we’re there to help with the deployment to your network.
Our LDAP Bootcamp trains your staff in everything from managing backups and monitoring performance to diagnosing problems and recovering from system outages.
Improved support response times
Moving to the cloud
LDAP Directory Server Migration Costs
Although there are many brands of LDAP directories, most of them come from a relatively small number of code bases. Derivatives from each code base have many similarities, and so the conversion costs for each one are also similar. The list that follows organizes the various servers by code base and describes conversion issues and relative conversion/migration costs.
COST RANGE: Moderate
- IBM Security Directory Server
- IBM Tivoli Directory Server
- IBM SecureWay Directory
- Apple Open Directory
- Red Hat OpenLDAP
- SuSE OpenLDAP
- Debian OpenLDAP
- Ubuntu OpenLDAP
- Linux Tool Box (LTB) Project
- Other OpenLDAP distributed with GNU/Linux distributions
Because of its permissive licensing, the OpenLDAP code base has for years been a popular starting point for companies wishing to develop proprietary directory servers. The IBM products listed below were split off from OpenLDAP fairly early in its life, and so have not benefitted from later improvements. The conversion cost for these directories is in the moderate range but can vary quite a bit depending on configuration complexity.
OpenLDAP in its current form is found in many GNU/Linux distributions including Red Hat Enterprise Linux, SuSE Linux Enterprise Server (SLES), and Debian and Ubuntu distributions. The OpenLDAP versions in these distributions lag the OpenLDAP Project releases by anywhere from several months to several years. The conversion cost for these directories will be the lowest of all, due to the fact that access controls match almost exactly and the capabilities are almost identical. Capacity and reliability will improve with Symas OpenLDAP due to the availability of the LMDB database and other improvements.
iPlanet Directory Server Derivatives
COST RANGE: Low to Moderate
- Red Hat Directory Server
- Netscape Directory Server
- Sun Java System Directory Server (JSDS)
- Oracle Directory Server Enterprise Edition (ODSEE)
- Sun Directory Server Enterprise Edition (Sun DSEE)
- Sun Open Network Enterprise (SunONE) Directory Server
- 389 Directory Server (Fedora)
Development of the iPlanet Directory Server began in the 1990s as a joint project between Netscape and Sun Microsystems. The partnership was later dissolved, and although the codebases diverged, overall the servers remained fairly similar. The Netscape version of the code became the Netscape Directory Server and was eventually sold to Red Hat in a fire sale after the various mergers of Time/Warner, Netscape, and AOL. It was then open-sourced and became the 389 Directory Server and the Red Hat Directory Server, which was then taken private again.
Servers in this family are generally simple to convert, but the implementations have been very loose on schema enforcement. As a result, careful attention needs to be paid to the content. Sometimes conversion scripts need to be used on the data and special overlays used to compensate for behavior of applications written to these loose standards.ope
Novell eDirectory Derivatives
COST RANGE: Low
- NetIQ eDirectory
The Novell eDirectory Server is the inheritor of the older Novell Directory Server (NDS) product and has all but replaced it. It has been a stalwart of the industry but has seen no improvement and few maintenance releases since its acquisition and renaming by NetIQ/Micro Focus. Schema enforcement is moderate. Careful attention needs to be paid to the content and sometimes conversion scripts need to be used on the data.
Access controls are relatively mature but generally not as versatile as those available in OpenLDAP. As a result, the converted ACLs are simpler and easier to maintain.
Sun OpenDS Derivatives
COST RANGE: Moderate
- Oracle Unified Directory
- ForgeRock Directory Services
- UnboundID Directory Server
- Ping Directory and Data Server
Although OpenDS development ceased shortly after Sun was acquired by Oracle Corporation, ForgeRock inherited the bulk of the deployments and continued development of the product under the name OpenDJ. A competing LDAP server product based on the same code was also developed by UnboundID, which was acquired by Ping Identity in 2016. Conversion costs to OpenLDAP are in the moderate range, depending on the features in use.
Datacraft DX-500 Derivatives
COST RANGE: Low to Moderate
- CA eTrust Directory
- CA Directory
The Australian company Datacraft, later known as Open Directory, used heavy SQL database servers to underpin its DX-500 family of pure X.500 server products. LDAP and SSL(TLS) communication capabilities were added at about the time Datacraft was acquired by Computer Associates in 1999. Given X.500’s strict schema enforcement, data migration is usually very straightforward, but translation of access controls can be tricky. The topological tricks used to achieve good geographic scaling are often unnecessary after conversion, but similar analogs are available if needed. OpenLDAP’s LMDB database scales beyond the capabilities of the heavy SQL databases while requiring only a fraction of the resources and none of the administration overhead. Conversion costs from this directory range from moderate to low, depending on the complexity of the access controls and the directory server topology.
Other LDAP Directory Servers
COST RANGE: Low to High
- Apache Directory Server (ApacheDS)
- Microsoft Active Directory
- Oracle Internet Directory
- M-Vault LDAP/X.500 Server
The remaining directory servers are an agglomeration of independent codebases: some Java; others in various combinations of C or C++. The Apache Directory stands out in this group because it was specifically designed to afford a high degree of compatibility with OpenLDAP and so has a very low cost for conversion. Costs for the remainder of these directories can be highly variable depending on the desired outcome and the capabilities that are being used. Contact Symas for additional information about your deployment.
Get A Free Estimate
PO Box 391
Grand Junction, CO 81502
M-F: 9am - 6pm MT
Toll-Free: +1 855.532.7489