Microsoft has developed a split personality when it comes to its public posture on open source software that could potentially create confusion among IT shops using both.
Last week, Microsoft said its patents were being violated by "Linux-like" software. This week company said it would link its Active Directory with the OpenLDAP Directory, which is an open source implementation of the Lightweight Directory Access Protocol (LDAP).
The mixed messages from Microsoft are leaving some to wonder if groups within the company need to bridge a few gaps of their own.
"On one hand, Microsoft's rattling this saber at the open source community, and on the other hand, they're building bridges," said Michael Goulde, analyst for Forrester Research Inc., based in Cambridge, Mass. "It makes you wonder if the two groups -- Bill Hilf's [platform strategy] team and the legal and intellectual property groups are talking to each other."
General manager of platform strategy at Microsoft, Hilf is responsible for driving platform initiatives across the company. He also runs Microsoft's Linux/Open Source Software Lab and regularly contributes to its blog, called Port 25.
Claims of open source patent violations send mixed messages
Goulde said he wondered whether any of the 236 patents that Microsoft claims are being violated by the free software community fall into the Active Directory camp, pointing out that the mixed messages from Microsoft may be causing confusion among customers. "I suppose if you're a Novell customer using SUSE Linux and OpenLDAP or Novell's directory, you might feel safe," said Goulde, referring to Microsoft and Novell's patent deal. "What about people using other directories?" Goulde asked.
Patent protests aside, IT shops may soon have a means to tie together identities, permissions and rights managed in disparate Active Directory and OpenLDAP Directory systems.
Adapter between OpenLDAP Directory and Active Directory in the works
Microsoft is now working with open source groups Kernel Networks and Oxford Computer Group to develop an adapter between OpenLDAP Directory and Active Directory using Microsoft Identity Lifecycle Manager (ILM) 2007. The adapter would let ILM 2007 synchronize identity information between the two directories.
Roger Kay, founder of IT market research and consulting firm Endpoint Technology Associates Inc., in Concord, Mass., said he believes an industry standard would be the best approach for unifying identity management. But, he said that interoperability efforts such as the ones between Microsoft and the open source community are the next best thing.
"Active Directory and OpenLDAP are in the business of maintaining identities and brokering permissions," Kay said. "In theory, this [adapter] would let the OpenLDAP admin transfer user credentials and permissions to Active Directory and vice versa, opening up the two sides of the house to each other."
Microsoft is also working on four open source projects to allow Web security policies and information cards to be recognized across formats including Sun Java Web Server, Apache Tomcat, IBM WebSphere Application Server, Ruby on Rails and PHP for the Apache Web server.
"Whether in Java, Ruby on Rails or WebSphere, Microsoft is saying that all these tools would be readable in all the other environments," Kay said.