[CentOS] which ldap do you like

Miguel Di Ciurcio Filho miguel at ic.unicamp.br
Fri Sep 11 19:47:42 UTC 2009


Gregory P. Ennis wrote:
> 
> openldap, centos-ds, and freeipa seem to be high on everyone's list.
> Which one do you like, and does it have a good setup tutorial I could
> use.  So far the tutorials I have looked at seem out of sync with the
> current versions of ldap servers.

I've just deployed OpenLDAP and finally shut down NIS here at work (the
damn thing was running for literally more than a decade).

FreeIPA was not an option at all, it would be a pain for us to try to
integrate our current environment on it. If you are going to start from
scratch, take a serious look at it. Although I think it is too RH/Fedora
driven for my taste.

I've set up a test environment with CentOS-DS (RH DS) and it worked fine,
we did not require all the fancy stuff it provides. We decided to not
go ahead with it because a) The CentOS DS packaging is not "official" 
yet (we are lazy and just want the "official" stuff) b) To enable simple 
bind having the password on Kerberos you need to recompile the package 
enabling a plugin called 'PAM passthrough' to authenticate against PAM. 
This plugin is considered experimental and RH disables it. I requested 
on the CentOS bug tracker[1] to enable it but I don't believe it is 
going to happen. RH DS has very good documentation and by looking at the 
wiki it supports some MS Active Directory stuff (not relevant to us either).

So we decided to go with OpenLDAP. Easy setup of simple bind with 
Kerberos (using saslauthd), no need to recompile the package shipped by 
CentOS/RHEL and a big user base. The official documentation is usable 
but to solve some problems, by searching on Google and the project's
mailing list archives you can easily find answers.

Regards,

Miguel

[1] http://bugs.centos.org/view.php?id=3719


