Slashdot Mirror

← Back to Stories (view on slashdot.org)

Where are the 'Modern' Directory Services?

Posted by Cliff on from the specialized-turnkey-linux dept.

MarcQuadra asks: "I've been a Linux user since 1998, and I admin Mac OS X machines at work, but I have yet to find a distribution that comes out-of-the-box with modern directory services. Sure, there are guides to kerberize and set up OpenLDAP, but before I can start pushing Linux as an alternative at work I'll need a few things. Are there any distributions out there that can auto-mount SMB shares as home directories without heavy modification? How about a distro that's based on OpenLDAP and can easily be configured with LDAP-enabled SAMBA and Kerberos? Am I missing something, or is this not a priority with the community at-large?"

17 of 504 comments (clear)

  1. Gee... by TheCabal · · Score: 5, Insightful

    Sounds like you want Windows and Active Directory.

    1. Re:Gee... by TheCabal · · Score: 5, Insightful

      Dude (since we're apparently on an informal basis)

      I help run what is probably one of the largest AD implementations in the country, if not the world. Your perception of AD is true only under certain lamebrained implementations. It IS possible to totally ignore the AD heirarchy and go for a "flat" NT4-style domain structure, but people who set those up should be severely beaten about the face and ears, and never allowed near a server again. If your ADs are like that, get a new job.

    2. Re:Gee... by AlphaSys · · Score: 5, Informative

      Sorry, Jon... you are out of touch. It will absolutely do every bit of that either natively or with the rest of the Win2000/2003 tools that come with it out of the box. Just because you don't know how to do it doesn't mean it doesn't. And yes, that feature set is about 1999.

      Like many others here, I have participated in several migrations away from NDS in favor of AD. Each instance has been a big win for the people I worked for.

      That being said, I have recently installed a trial of the last release of SuSE LINUX Enterprise Server (the first since Novell acquisition) and I have to say that this product's successors/siblings are going to balance things in the DS arena again. I never had anything against Novell, but they stagnated while they tried to fend off and interoperate the beast simultaneously and MS gained almost all of their infrastructure ground almost solely at Novell's expense while they were floundering without a plan.

      The recent SuSE and Ximian acquisitions are going to pay great dividends both for Novell and for the community in the long run. I am excited to see what they do, but for goodness sake, don't applaud the last five years of NDS. That's like claiming the last three Rocky films were the best.

      --
      Can I bum a sig? I left mine at the office.
  2. The community is YOU! by Anonymous Coward · · Score: 5, Funny
    Am I missing something, or is this not a priority with the community at-large?

    The YourOwn (tm) Linux distribution is based on OpenLDAP and all the other out-of-the-box features you're looking for.

    It can be downloaded from YourOwnBox.org.

    1. Re:The community is YOU! by bradkittenbrink · · Score: 5, Funny

      Please do not post links to porn sites, we're trying to have a civilized discussion here...

  3. Novell eDirectory by ezs · · Score: 5, Informative

    You didn't ask for open source.

    Novell eDirectory has been available for many years running on Linux (as well as other platforms). Novell now own SUSE so I'd expect closer and tighter integration moving forward.

    Take a look at some of the new integrations coming in Novell Open Enterprise Server built on SLES 9 server.

    Disclaimer - I'm a Novell person :)

    --
    Evil ZEN Scientist
    1. Re:Novell eDirectory by ezs · · Score: 5, Informative

      I forgot to include the links ;)

      Karma whore links below:

      http://www.novell.com/products/openenterpriseser ve r/
      http://www.novell.com/products/edirectory/

      http://www.novell.com/zenworks

      --
      Evil ZEN Scientist
  4. In fact... by ENOENT · · Score: 5, Funny

    we believe that the idea of data is obsolete, and that, in the future, users will demand less and less of it, and more and more menu animations.

    --
    That's "Mr. Soulless Automaton" to you, Bub.
  5. Re:Netware by Total_Wimp · · Score: 5, Informative

    Open Enterprise Server has a public beta right now. It runs on SUSE or Netware. The whole reason Novell bought SUSE was to answer questions just like this post.

    Of course the poster probably meant "open source directory services". Sorry, eDir is a pay-at-the-door shop.

    TW

  6. Re:SLES by thule · · Score: 5, Informative

    Yup! SuSE does an excellent job of configuring LDAP for you. This includes:

    Configuring Samba for LDAP and populating the LDAP server with the proper entries.
    Putting the dhcp server configuration in LDAP.
    Custom scripts for Samba to add/remove machines and users in LDAP via Samba.
    Configuring Bind to use LDAP as a backend.

    I'm pretty impressed. I love RedHat/Fedora, but those distros don't have anything like SuSE has for bootstrapping the LDAP configuration. Maybe RedHat will get more serious about it once they release the GPL'd version of iPlanet Directory Server.

    Personally, I can't wait until Samba 4 comes out that will bring this all together (Kerb, LDAP, AD) with it's own LDAP server.

  7. LDAP is critical to Linux's survival now. by Zombie+Ryushu · · Score: 5, Insightful

    LDAP, Kerberos, Samba and all the things that come with that are critical to Linux's survival now. Linux will either live or Die on its ability to use LDAP, Kerberos, SSL and Samba.

    LDAP is Linux's ultimate ability that permiates everything Linux can do and makes the many peices of Linux whole. Only the greatest of Linux Users cann use LDAP.

    The thing is, its too damn hard, too damn difficult, and there is not enough documentation and configuration too;s for LDAP out there. I've spent three years on LDAP - I know.

    1. Re:LDAP is critical to Linux's survival now. by lamber45 · · Score: 5, Informative
      LDAP is really just a database-access protocol, with security and distributed-system features built in. I believe RFC 3377 is the most recent relevant standard.

      Most LDAP directories are used to keep track of people; therefore there is an InternetOrgPerson type which (if I remember rightly) has the following attributes by default:

      • CommonName (i.e., userID)
      • Full name
      • Password (can be stored with both Windows and Unix encryption, or in plaintext)
      • Telephone number(s)
      • Mailing address(es)
      • JPEG photo
      • e-mail address
      • user ID #
      • home directory (?), shell (?) (these might be in some other type)
      However, LDAP types are extensible, so you could create a new type to represent employees, inventory, or even projects, or you could extend an existing type. For instance, you might want to add some of the following to InternetOrgPerson (if they're not already there):
      • GPG public key
      • instant-messaging ID
      • ID badge number
      It's even possible to use an SQL or legacy-system database as a backend for OpenLDAP with some custom coding, although I'm sure a lot of people who use it don't bother.

      So that's what's in the directory. You might still ask, "what is it used for?"

      Firstly, Windows, Netware, Solaris and Linux can all be told to get their login information from an LDAP directory. This means that (if it works) someone only needs one account in an organization, that their Windows password is automatically the same as their Unix password, etc. It does not mean that they need to use the same home directory on all systems; but home directories can be automatically created by login scripts. NIS+ was a Unix-only way to distribute just the information found in /etc/passwd; LDAP is cross-platform.

      Secondly, some E-mail clients (specifically Netscape, its derivatives, and Outlook; I don't have experience to speak for others) can treat an LDAP directory as an extension of the address-book. That sure beats running down the hall and referring to a printed list every time you want to e-mail someone or call them on the phone and only remember their name.

      Of course, if your "organization" is one person working on ten computers in a family-member's basement, LDAP probably isn't worth the effort.

  8. NDS is Best by duncan · · Score: 5, Interesting

    LDAP/Samba/Kerbros on Suse works real well out of the box in the latest Suse Server offerings. I don't play with many distros so I can't recommend it against others.

    But for professional use on networks of any real size, I really try to push my customers to NDS. Say what you want about Novell, but I have yet to find a beter DS that Novell's.

  9. OS X Server has it built in... Open Directory by CatOne · · Score: 5, Interesting

    So why not use it? It's a full featured directory service based on OpenLDAP with Kerberized AFP and SMB built in, so why use a Linux server and "roll your own" with everything, and do all the extra work?

    I have to be missing something here.

  10. Using *nix as a Primary Domain Controller by Noksagt · · Score: 5, Informative

    I recently setup a *nix server to act as a Windows PDC for our small workgroup. It wan't that difficult, particularly with the scripts and how-to from IDEALX. Any distro with sane, centrally-managed package management will be equally easy. By this, I mean apt or portage or even the *BSDs. I wouln't undertake this with an RPM distro, unless I had plenty of support.

    I don't yet run Kerberos, as I wouldn't gain much from it. There aren't enough Kerberized apps & MS's approach to "embracing and extinguishing" Kerberos has left *nix implementations largely incompatible with MS's implementation. I run OpenLDAP solely over SSL. SMB traffic is limited to out intranet (basically one room) & we are a small shop, so Kerberos isn't a priority. We will later add it.

    Home directories are all on the server. Samba is configured to allow windows to mount them & windows is configured to use them as the "My Documents" directories.

    I have setup Kerberised SAMBA, OpenLDAP, and SSH at my previous employer. It isn't difficult.

    Novell's eDirectory is nice if your ethics & wallet can afford it. OS X also has a decent implementation.

    The "modern" approach is to do something OTHER than SMB, but that requires a MS-free zone.

  11. Re:I'm a bit confused? by INetUser · · Score: 5, Interesting

    As part of a school project, our team configured a drop in Linux based replacement for ADS and email on the then current SuSE 9.0. Once set up, you can even use the Windows NT Domain tools to administer it. The Linux machine even played the role of domain controller.

    Worked really slick. Single sign-on for all machines, Linux and Windows.

    I have the Word doc write up of how we did it around here someplace. I'd be willing to share if you are interested.

    As others have mentioned, and I'll confirm, that there is an automounter that comes with the distro that can mount smb file shares on windows machines in the network. I've got this working at home right now.

  12. Re:I'm a bit confused? by INetUser · · Score: 5, Informative

    The Word document is about 1 MB in Zip format and available via this link http://www.echohome.org/serverconfiguration.zip