Convenient Security. Vintela assert that PADL's nss_ldap module has "absolutely no Kerberos integration". The last sixty releases of nss_ldap have supported Kerberos authenticated LDAP sessions, with integrity and privacy.
Easy Configuration. Vintela assert that PADL's nss_ldap module does not support DNS SRV records for domain controller location. nss_ldap has supported the use of DNS SRV records since its initial release. Using ldapprofile, nss_ldap also supports the DUA configuration profile for directory-based configuration.
Scalability: Vintela assert that "PADL (sic) does not scale beyond a few thousand users". PADL's nss_ldap module leverages the operating system's name service cache daemon, as well as paged results, to efficiently use the directory server. For deployments where domain controller service is unreliable, a local proxy cache may be used to provide a persistent cache of directory information.
Kerberos Based Identities. Vintela assert that "PADL does not use kerberos in any form (sic)". Many of our customers have found nss_ldap, in conjunction with Kerberos, to be a compelling solution. Indeed, PADL developed the Kerberos Credentials Manager
specifically for this type of deployment.
We acknowledge Vintela Authentication Services has a number of features suited to Active Directory; we are publishing this document simply so that customers may make an informed choice.
The PADL nss_ldap module is in use at a number of Active Directory deployments across the world.
Advantages of PADL's nss_ldap include:
No per-user or per-client license fees
Directory server-agnostic: works with Microsoft Active Directory, Novell eDirectory, OpenLDAP, Sun ONE
Supported on all major platforms including AIX, FreeBSD, HP-UX, Linux and Solaris
Backed by commercial support from PADL, Symas, and others