Note: “Dare to struggle. Dare to win!” was a slogan used in the 1960s by the Students for a Democratic Society (SDS). This post has nothing to do with that.
Imagine, for a moment, that you’re a software developer, that it’s the year 1998, and that you need to write a program that accesses an LDAP directory. What do you have to do? Something like this:
- Write a TCP-based transport layer to connect to the LDAP server.
- Write a data access layer that composes LDAP protocol messages, sends them and decodes the replies.
- Write a bunch of utility routines to find LDAP servers, deal with error conditions, handle asynchronous mode, deal with paged results, etc.
- Write all your code in C/C++.
- Fix numerous memory management issues: leaks, overruns, heap corruption, etc.
It’s incredible that anybody ever did this. It’s not surprising that the few who did took a really, really long time to do it.
Now, fast forward to 2008. How would your task be any different? You’d:
- Write your code in a .NET language (probably C#).
- Use System.DirectoryServices (S.DS) to do all of your LDAP work.
You wouldn’t have to write any network code. You wouldn’t have to write any LDAP protocol code. You’d have all the utility functions that you needed including ones specific to Microsoft Active Directory. You would not have to deal with 99% of the memory management problems (it’s still possible to leak memory in .NET but you have to try hard to do it).
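To make the 2008 version concrete, here is an added example (not code from the original post) of a paged, authenticated user search with S.DS. It also shows the two things you still have to do yourself: escape caller-supplied text before it goes into a search filter, and dispose the result collection, which is one of the places where .NET code can still leak. The class and method names are hypothetical, and the LDAP path and name prefix are whatever you pass on the command line, for example `LDAP://DC=example,DC=com` and `svc`.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Text;
static class DirectoryLookup
{
    // Escape caller-supplied text before it goes into an LDAP filter (RFC 4515).
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        return sb.ToString();
    }

    // Returns the DNs of user accounts whose sAMAccountName starts with namePrefix.
    public static List<string> FindUserDns(string ldapPath, string namePrefix)
    {
        var dns = new List<string>();
        string filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                        + EscapeFilterValue(namePrefix) + "*))";
        // Bind as the current Windows identity; request signed and sealed traffic.
        using (var root = new DirectoryEntry(ldapPath, null, null,
            AuthenticationTypes.Secure | AuthenticationTypes.Signing | AuthenticationTypes.Sealing))
        using (var searcher = new DirectorySearcher(root, filter))
        {
            searcher.PageSize = 500;  // paged results, handled by S.DS
            searcher.PropertiesToLoad.Add("distinguishedName");
            // SearchResultCollection holds unmanaged ADSI resources: dispose it.
            using (SearchResultCollection results = searcher.FindAll())
                foreach (SearchResult r in results)
                    if (r.Properties["distinguishedName"].Count > 0)
                        dns.Add((string)r.Properties["distinguishedName"][0]);
        }
        return dns;
    }
    static void Main(string[] args)
    {
        foreach (string dn in FindUserDns(args[0], args[1])) Console.WriteLine(dn);
    }
}
```

Without the escaping step, a prefix such as `*)(` would change the structure of the filter instead of being matched literally.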
I am not exaggerating when I say that you’d be 100 times more productive in 2008 than in 1998.
Lest I place too many laurels on S.DS, let me acknowledge that it’s actually a layer on top of another technology: the Active Directory Service Interfaces (ADSI). ADSI does the really hard work. It implements a scriptable object layer on top of LDAP that makes it much, much easier to bind to LDAP objects, to perform searches and to get/set object attributes. Anyone who has to deal with AD should immediately go out and buy Robbie Allen’s Active Directory Cookbook if they don’t have one already. The Cookbook has tons of “recipes” that describe how ADSI (and other tools) can be used from script languages (VBScript, JScript) to manipulate AD.
By the way, the inventor of ADSI (the key developer who managed the project at Microsoft) is Krishna Ganugapati, our VP Engineering at Likewise Software.
Oh, and while you’re getting the Cookbook, you might as well pick up a copy of Jerry Carter’s LDAP System Administration, another excellent book. And, yes, Jerry is another Likewise employee (a senior developer and the main person in charge of Likewise Open).
You know what else is really cool? If you have a good software developer or two, you can write your own version of S.DS that calls OpenLDAP and then use Mono to run S.DS-based code on Linux, UNIX and Mac OS X. Mind you, your developers have to be pretty good; the exercise is not trivial. You have to deal with Kerberos, for example, in order to make authenticated LDAP calls to AD.