Maybe this can help clear it up, with a tiny bit of repetition :o)
The Windows Server (as a machine) is the gateway to the data. As such,
anything Microsoft then requires Microsoft CALs. For example:
If you access files directly (via file://) then you legally need access
rights (Client Access Licenses) either for every user or device
necessary.
If you access files via IIS and Native auth (machine's own user
directory) then the same thing applies [not in this Apache->SVN case].
If you access files via Apache and Native auth (machine's own user
directory) then the same thing applies (i.e. CALs are necessary).
If you access files via Apache and LDAP/Active Directory, then
ACTIVE-DIRECTORY licenses are required. Should the user already exist
in AD because it's an organization thing, then no additional licenses
are required (don't quote me, verify with reseller) however, if the AD
is just for this, then you need CALs.
If you access files via Apache and LDAP/non-AD (openLdap), then *no*
Microsoft CALs are required EXCEPT whatever the other LDAP server
requires.
Lastly, if you access via SVN protocol (svn://) then it still depends on
the user directory. If I am not mistaken, svn:// has its own
user-access list, thus no Microsoft CALs are required.
HTH,
- nasser
Nasser Dassi
Sr. Technical Programmer
=========================================
E: ndassi@141xm.com
=========================================
-----Original Message-----
From: Johnson, Rick [mailto:JohnsonR@gc.adventist.org]
Sent: Wednesday, May 11, 2005 9:03 AM
To: Greg Thomas; users@subversion.tigris.org
Subject: RE: Licensing Issues (Windows Server)
> -----Original Message-----
> From: Greg Thomas [mailto:thomasgd@omc.bt.co.uk]
> Sent: Wednesday, May 11, 2005 8:22 AM
> To: Johnson, Rick; users@subversion.tigris.org
> Subject: Re: Licensing Issues (Windows Server)
>
> On Wed, 11 May 2005 07:45:24 -0400, "Johnson, Rick"
> <JohnsonR@gc.adventist.org> wrote:
>
> >I'm going to jump in here and say that I don't think it's quite that
> >simple. I just reread the Windows Server 2003 EULA and it
> appears to me
> >that you need a CAL anytime you do Windows authentication (local or
> >domain authentication) for that server. That means the explanation
> >above is true until you do Windows authentication through
> Apache (such
> >as through LDAP to Active Directory or a Windows authentication
> >plug-in), then you're going to need a CAL for each user or
> machine that
> >authenticates.
>
> Surely it would be the server performing the authentication, not the
> server requesting the authentication (in this instance, acting as a
> client) (I've got my LDAP authentication talking to another server).
> That said, an authentication request is pretty short, so 10 (or
> whatever) simultaneous requests would probably handle a large number
> of users.
>
> Greg
> --
> This post represents the views of the author and does not necessarily
> accurately represent the views of BT.
>
I have my server set up like yours, I think . I have my Apache server
performing an LDAP call to my Active Directory server. I asked an M$ rep
about exactly this one time and he said that you need a CAL for each
user that is authenticated via Active Directory whether it's through
LDAP or Native authenticiation. In your case, if Apache is doing LDAP
authentication to, for instance, an OpenLDAP server then you don't need
a CAL. If it's doing LDAP authentication to an Active Directory server
then you do.
M$ take on it seems to be that Windows authentication is a function of
the Server and you need a CAL to use any Server functionality. That's my
definition of what the rep said, not his exact words. This is getting
muddied because server means both the Windows server and Apache or
Subversion servers.
As to your comment about 10 or so licenses covering a bunch of users.
This would be correct if M$ did concurrent licensing anymore but almost
all of their current licensing is NOT concurrent. You can buy a User CAL
or a Device CAL. A single User CAL allows a single SPECIFIC user to
access a Windows Server of that type (Windows 2000 and Windows 2003 have
different CALs so you might need both) for any computer. A Device CAL
allows a single SPECIFIC computer (but any number of users on that
computer) to access a Windows Server of that type.
Rick
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed May 11 18:07:05 2005