[olug] Open Source/Linux - Directory Services

Tue Aug 31 15:37:21 UTC 2010

On Tue, Aug 31, 2010 at 8:44 AM, Craig Wolf <cjwolf at mpsomaha.org> wrote:
> Ok, what are my options for an Active Directory/eDirectory stile of services on Linux?  Where can I find info on said item?  My Google-Fu is not finding what I need.

There's a couple of options, at various stages of "readiness" and
cost.  First, commercial solutions:

ActiveDirectory - With SP2 of Windows Server 2003, and then more so
with Windows Server 2008, Microsoft added some features to make
integrating non-Windows clients into a Windows ActiveDirectory setup
easier.   Some of the stuff formerly included as the "Windows Services
for Unix" (SFU) was added to Windows Server 2003 SP2, and Windows
Server 2008 got even more as the Subsystem for UNIX-based Applications
(SUA).  It doesn't exactly make integration *easy*, but it does make
it a lot easier.  It also makes schema extensions for non-Windows
functionality in AD easier, although it's still a much bigger pain in
the ass than, say, OpenLDAP.

Novell eDirectory - I've never personally used Novell eDirectory, but
I've heard good things about it.  I know back 3-4 years ago, I read
about an in-depth study of cross platform directory services, and this
one came out the clear winner.  I haven't heard it mentioned much
recently, however, so I don't know how actively it is still being
developed and promoted, or whether it has a future.  (I don't deal
much with directory services integration anymore, so I may just not be
"in the loop" on it.)

Red Hat Directory Server - Red Hat's commercial and supported offering
based on the FreeIPA stack and 389 Directory Server (fromerly Fedora
Directory Server (formerly Netscape Directory Server (formerly the
original U. of Michigan slapd project))).  This one is still a younger
project, but with Red Hat backing it and their stronger presence in
the Enterprise, I think it has one of the best chances for long term
success.

There are a few others, particularly in the "Enterprise" space, such
as Tivoli, Oracle, and CA (I'd definitely skip CA's offerings, based
on using their other "Enterprise" products).  Some of these are more
"Identity Management" solutions, that can be worked in with other
directory services.

Next up, the Open Source options:

OpenLDAP - The popular open source standby LDAP implementation.  As
far as LDAP servers go, it's stable, dependable, relatively easy to
use, and performs well.  It also has more documentation and users than
most of the other options.  Because it is "just" an LDAP server, you
may end up doing more work yourself to make it a complete solution.

389 Directory Server - Open Source LDAP server implementation
(fromerly Fedora Directory Server (formerly Netscape Directory Server
(formerly the original U. of Michigan slapd project))).  Name was
changed to 389 Directory Server to make it's name vendor neutral, as
Red Hat hopes to attract non-Red Hat use to it.

FreeIPA - This one's a little different from the other Open Source
offerings, in that it's attempting to replicate the whole identity
management and sign on stack, and not just provide an LDAP server.  It
dies together LDAP, Kerberos, DNS (BIND) and eventually a lot more.
Their eventual goal is to offer the same level of functionality and
features as found in ActiveDirectory, plus more.  This is the Open
Source base that Red Hat is using for it's offering, so there is the
advantage of some corporate support.  It's also the most ambitious of
the Open Source offerings.

There's a couple of other Open Source LDAP offerings, but nothing I
know of that's close to being production ready.

> Craig Wolf

-- 
Christopher