Open source version of active directory?
CLIFFORD ILKAY
clifford_ilkay at dinamis.com
Tue Apr 20 12:33:15 UTC 2010
On 04/20/2010 04:26 AM, James Bensley wrote:
> AD is Microsoft's directory system which started as LDAP and has
> been heavily extended so a starting place might be OpenLDAP?
Active Directory is more than LDAP. It's also Kerberos. LDAP determines
what you are authorized to do once your credentials have been
established by Kerberos. Samba 4 is supposed to be a drop-in replacement
for Active Directory. That only matters if you need to establish a trust
relationship with a Windows server. If you don't have to, you can use
any LDAP server and Kerberos.
Joe Kaplan's message here:
<http://forums.techarena.in/active-directory/1170562.htm> is useful.
Red Hat has a project called FreeIPA <http://freeipa.org> which combines
MIT Kerberos and the former Netscape Directory Server, now called the
389 Server (after the port that it listens on) to provide identity (I),
policy (P), and auditing (A). The auditing part has been deferred but
the other two parts work.
Ebox <http://www.ebox-platform.com/> is based on Ubuntu. Its creators
claim that it can be a Windows domain controller by virtue of using
OpenLDAP and Samba. Note that this is NT-style authentication, which is
not the same as Active Directory. I tried it about a year ago and found
it incomplete and buggy. The web site is fancier now so perhaps it's not
so any longer.
An alternative to eBox is ClearOS
<http://www.clearfoundation.com/Software/overview.html>, which is based
on Red Hat. I have used its predecessor, ClarkConnect, and it worked
quite well.
--
Regards,
Clifford Ilkay
Dinamis
1419-3266 Yonge St.
Toronto, ON
Canada M4N 3P6
<http://dinamis.com>
+1 416-410-3326
More information about the ubuntu-users
mailing list