[olug] Open Source/Linux - Directory Services

Rob Townley rob.townley at gmail.com
Wed Sep 1 02:53:58 UTC 2010


On Tue, Aug 31, 2010 at 10:37 AM, Christopher Cashell
<topher-olug at zyp.org> wrote:
> On Tue, Aug 31, 2010 at 8:44 AM, Craig Wolf <cjwolf at mpsomaha.org> wrote:
>> Ok, what are my options for an Active Directory/eDirectory stile of services on Linux?  Where can I find info on said item?  My Google-Fu is not finding what I need.
>
> There's a couple of options, at various stages of "readiness" and
> cost.  First, commercial solutions:
>
> ActiveDirectory - With SP2 of Windows Server 2003, and then more so
> with Windows Server 2008, Microsoft added some features to make
> integrating non-Windows clients into a Windows ActiveDirectory setup
> easier.   Some of the stuff formerly included as the "Windows Services
> for Unix" (SFU) was added to Windows Server 2003 SP2, and Windows
> Server 2008 got even more as the Subsystem for UNIX-based Applications
> (SUA).  It doesn't exactly make integration *easy*, but it does make
> it a lot easier.  It also makes schema extensions for non-Windows
> functionality in AD easier, although it's still a much bigger pain in
> the ass than, say, OpenLDAP.
>
> Novell eDirectory - I've never personally used Novell eDirectory, but
> I've heard good things about it.  I know back 3-4 years ago, I read
> about an in-depth study of cross platform directory services, and this
> one came out the clear winner.  I haven't heard it mentioned much
> recently, however, so I don't know how actively it is still being
> developed and promoted, or whether it has a future.  (I don't deal
> much with directory services integration anymore, so I may just not be
> "in the loop" on it.)
>
> Red Hat Directory Server - Red Hat's commercial and supported offering
> based on the FreeIPA stack and 389 Directory Server (fromerly Fedora
> Directory Server (formerly Netscape Directory Server (formerly the
> original U. of Michigan slapd project))).  This one is still a younger
> project, but with Red Hat backing it and their stronger presence in
> the Enterprise, I think it has one of the best chances for long term
> success.
>
> There are a few others, particularly in the "Enterprise" space, such
> as Tivoli, Oracle, and CA (I'd definitely skip CA's offerings, based
> on using their other "Enterprise" products).  Some of these are more
> "Identity Management" solutions, that can be worked in with other
> directory services.
>
> Next up, the Open Source options:
>
> OpenLDAP - The popular open source standby LDAP implementation.  As
> far as LDAP servers go, it's stable, dependable, relatively easy to
> use, and performs well.  It also has more documentation and users than
> most of the other options.  Because it is "just" an LDAP server, you
> may end up doing more work yourself to make it a complete solution.
>
> 389 Directory Server - Open Source LDAP server implementation
> (fromerly Fedora Directory Server (formerly Netscape Directory Server
> (formerly the original U. of Michigan slapd project))).  Name was
> changed to 389 Directory Server to make it's name vendor neutral, as
> Red Hat hopes to attract non-Red Hat use to it.
>
> FreeIPA - This one's a little different from the other Open Source
> offerings, in that it's attempting to replicate the whole identity
> management and sign on stack, and not just provide an LDAP server.  It
> dies together LDAP, Kerberos, DNS (BIND) and eventually a lot more.
> Their eventual goal is to offer the same level of functionality and
> features as found in ActiveDirectory, plus more.  This is the Open
> Source base that Red Hat is using for it's offering, so there is the
> advantage of some corporate support.  It's also the most ambitious of
> the Open Source offerings.
>
> There's a couple of other Open Source LDAP offerings, but nothing I
> know of that's close to being production ready.
>
>> Craig Wolf
>
> --
> Christopher
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
>

Christopher, loved the genealogy lesson.  There are people on the
samba mailing lists claiming they are using Samba4 in production.



More information about the OLUG mailing list