by buster 5909 days ago
I recently integrated my company's LDAP server with OpenSSO, which also meant integrating Sun's LDAP schema and everything, and it was working just fine. Maybe it's OpenLDAP that sucks? Never used it, though. I don't know why LDAP is bad, it's quite a perfect tool for certain situations, that would be a nightmare with SQL and even more so with NoSQL. That there are a lot of RFCs is the major negative point the OP makes and there is no reason this is a bad thing, too. The OP just had his first look into RFCs I guess. There are plenty of RFCs for every protocol in use (IMAP for example, even Sieve filters have several RFCs). It's good to have RFCs to look things up, I don't see the negative point here.
2 comments

Could be that the Sun impl is better, but many problems seemed to be inherent. Like pretty much every app expecting a different or redundant schema.

What does that look like in your setup? Do you have ssh/kerberos, samba etc. all under one umbrella without nasty hacks?

I have used OpenLDAP and Sun LDAP on several occasions and while the initial learning curve for the whole "LDAP thing" might be steep for both, it was pretty obvious that OpenLDAP simply doesn't offer a lot of features that Sun's LDAP server has. And I agree with you, OpenSSO is a product where Sun really got it right and I am more than happy it got open-sourced.
Yes. But apparently Oracle abandoned the project. Looks like it is continued by ForgeRock: http://forgerock.com/openam.html

All that a few weeks after I recommended OpenSSO to a client.. sheez.. :P