[olug] Open Source/Linux - Directory Services
Christopher White
slaeyer at gmail.com
Wed Sep 1 13:53:08 UTC 2010
I've been lurking here for the read, it's quite interesting. . . Rob,
in regards to Samba4, I always thought it required linking to an ldap
type backend to work. . .
Chris from Kearney
On Tue, Aug 31, 2010 at 9:53 PM, Rob Townley <rob.townley at gmail.com> wrote:
> On Tue, Aug 31, 2010 at 10:37 AM, Christopher Cashell
> <topher-olug at zyp.org> wrote:
>> On Tue, Aug 31, 2010 at 8:44 AM, Craig Wolf <cjwolf at mpsomaha.org> wrote:
>>> Ok, what are my options for an Active Directory/eDirectory style of services on Linux? Where can I find info on said item? My Google-Fu is not finding what I need.
>>
>> There's a couple of options, at various stages of "readiness" and
>> cost. First, commercial solutions:
>>
>> ActiveDirectory - With SP2 of Windows Server 2003, and then more so
>> with Windows Server 2008, Microsoft added some features to make
>> integrating non-Windows clients into a Windows ActiveDirectory setup
>> easier. Some of the stuff formerly included as the "Windows Services
>> for Unix" (SFU) was added to Windows Server 2003 SP2, and Windows
>> Server 2008 got even more as the Subsystem for UNIX-based Applications
>> (SUA). It doesn't exactly make integration *easy*, but it does make
>> it a lot easier. It also makes schema extensions for non-Windows
>> functionality in AD easier, although it's still a much bigger pain in
>> the ass than, say, OpenLDAP.
>>
>> Novell eDirectory - I've never personally used Novell eDirectory, but
>> I've heard good things about it. I know back 3-4 years ago, I read
>> about an in-depth study of cross platform directory services, and this
>> one came out the clear winner. I haven't heard it mentioned much
>> recently, however, so I don't know how actively it is still being
>> developed and promoted, or whether it has a future. (I don't deal
>> much with directory services integration anymore, so I may just not be
>> "in the loop" on it.)
>>
>> Red Hat Directory Server - Red Hat's commercial and supported offering
>> based on the FreeIPA stack and 389 Directory Server (formerly Fedora
>> Directory Server (formerly Netscape Directory Server (formerly the
>> original U. of Michigan slapd project))). This one is still a younger
>> project, but with Red Hat backing it and their stronger presence in
>> the Enterprise, I think it has one of the best chances for long term
>> success.
>>
>> There are a few others, particularly in the "Enterprise" space, such
>> as Tivoli, Oracle, and CA (I'd definitely skip CA's offerings, based
>> on using their other "Enterprise" products). Some of these are more
>> "Identity Management" solutions, that can be worked in with other
>> directory services.
>>
>> Next up, the Open Source options:
>>
>> OpenLDAP - The popular open source standby LDAP implementation. As
>> far as LDAP servers go, it's stable, dependable, relatively easy to
>> use, and performs well. It also has more documentation and users than
>> most of the other options. Because it is "just" an LDAP server, you
>> may end up doing more work yourself to make it a complete solution.
>>
>> 389 Directory Server - Open Source LDAP server implementation
>> (formerly Fedora Directory Server (formerly Netscape Directory Server
>> (formerly the original U. of Michigan slapd project))). Name was
>> changed to 389 Directory Server to make its name vendor neutral, as
>> Red Hat hopes to attract non-Red Hat use to it.
>>
>> FreeIPA - This one's a little different from the other Open Source
>> offerings, in that it's attempting to replicate the whole identity
>> management and sign on stack, and not just provide an LDAP server. It
>> ties together LDAP, Kerberos, DNS (BIND) and eventually a lot more.
>> Their eventual goal is to offer the same level of functionality and
>> features as found in ActiveDirectory, plus more. This is the Open
>> Source base that Red Hat is using for its offering, so there is the
>> advantage of some corporate support. It's also the most ambitious of
>> the Open Source offerings.
>>
>> There's a couple of other Open Source LDAP offerings, but nothing I
>> know of that's close to being production ready.
>>
>>> Craig Wolf
>>
>> --
>> Christopher
>> _______________________________________________
>> OLUG mailing list
>> OLUG at olug.org
>> https://lists.olug.org/mailman/listinfo/olug
>>
>
> Christopher, loved the genealogy lesson. There are people on the
> samba mailing lists claiming they are using Samba4 in production.