[CentOS] which ldap do you like
Miguel Di Ciurcio Filho
miguel at ic.unicamp.br
Fri Sep 11 19:47:42 UTC 2009
Gregory P. Ennis wrote:
>
> openldap, centos-ds, and freeipa seem to be high on everyone's list.
> Which one do you like, and does it have a good setup tutorial I could
> use. So far the tutorials I have looked at seem out of sync with the
> current versions of ldap servers.

I've just deployed OpenLDAP and finally shut down NIS here at work (the
damn thing was running for literally more than a decade).

FreeIPA was not an option at all, it would be a pain for us to try to
integrate our current environment on it. If you are going to start from
scratch, take a serious look at it. Although I think it is too RH/Fedora
driven for my taste.

I've set up a test environment with CentOS-DS (RH DS) and it worked fine,
we did not require all the fancy stuff it provides. We decided to not
go ahead with it because a) The CentOS DS packaging is not "official"
yet (we are lazy and just want the "official" stuff) b) To enable simple
bind having the password on Kerberos you need to recompile the package
enabling a plugin called 'PAM passthrough' to authenticate against PAM.
This plugin is considered experimental and RH disables it. I requested
on the CentOS bug tracker[1] to enable it but I don't believe it is
going to happen. RH DS has very good documentation and by looking at the
wiki it supports some MS Active Directory stuff (not relevant to us either).

So we decided to go with OpenLDAP. Easy setup of simple bind with
Kerberos (using saslauthd), no need to recompile the package shipped by
CentOS/RHEL and a big user base. The official documentation is usable,
but to solve some problems you can easily find answers by searching on
Google and the project's mailing list archives.

Regards,
Miguel

[1] http://bugs.centos.org/view.php?id=3719