11

I'm looking for a good open-source alternative to Active Directory that can handle:

  • Authorization/Authentication
  • Group Policy
  • Replication and Trust Monitoring

In addition, are there any consolidated systems out there that handle these responsibilities?

Edit: Since a lot have asked for more details, I am trying to offer a service setting up an infrastructure for organizations (hardware/software setups). Right now I am looking at a Linux stack, both desktops and servers; however, a hybrid stack is possible, and I am investigating alternatives.

Laz

13 Answers

6

FreeIPA is one project that aims to replicate much of the functionality provided by Active Directory.

www.freeipa.org

David Narayan
  • This project looks interesting. Thank you. Are there any known production deployments? – Laz Jun 04 '09 at 05:22
  • 1
    FreeIPA is the upstream project for Red Hat IPA, which is now bundled in RHEL 6.2. There are plenty of production implementations of Red Hat's IPA; if you need specific references, Red Hat can likely provide them to you. The RHEL 6.2 package names for IPA are ipa-* – Doug Jan 18 '12 at 18:33
4

Samba can do some of the things that AD can, but I'm not sure I'd call it a full-blown alternative. Take a look at this Samba intro to see if it will suit your needs.

paulr
3

I use GOsa as my AD server:

GOsa² provides a powerful GPL'ed framework for managing accounts and systems in LDAP databases. Using GOsa² allows system administrators to easily manage users and groups, fat and thin clients, applications, phones and faxes, mail distribution lists and many other parameters. In conjunction with FAI (Fully Automatic Installation), GOsa² allows the highly automated installation of preconfigured systems. GOsa² therefore provides a single, LDAP-based point of administration for large and small environments, thus making the administration of users and systems and all related parameters manageable and easy.

More info on https://oss.gonicus.de/labs/gosa/

  • 1
    Looks like fun, though I'm a bit annoyed at a public site forcing the use of a (by default) non-trusted certificate for browsing the interesting parts ^^ – Oskar Duveborn Jun 04 '09 at 08:59
2

If you are talking about Windows systems, I don't think there is any framework which is complete. In the Unix world some projects try to cover most of it by use of LDAP, NIS, PAM, NFS/AFS-trees, and some provisioning tools.

Look into Project Athena and Andrew for example.

Some projects like OpenSSO are going to support some of the policy aspects, but optimized for applications.

crb
eckes
  • You probably can't post links because you don't have enough reputation yet. It's an anti-spammer measure. – Neobyte May 28 '09 at 01:52
  • Yes I know, still annoying. Especially since I migrated my profile from Stackoverflow (which somehow did not work). – eckes May 28 '09 at 01:54
  • Is there a place where we can provide feedback in an open forum? Because this majorly bugged me too. – Ehtyar Jun 04 '09 at 06:05
  • You can provide feedback at http://serverfault.uservoice.com/pages/17382-general. The profile migration problem is currently in the top 4. – Peter Stuer Jun 04 '09 at 07:14
  • You can also provide feedback at http://meta.stackoverflow.com. – Laz Jul 18 '09 at 22:14
2

There is no open-source alternative that is even close to the functionality of Active Directory, as of 2009 anyway.

As MrDenny commented on your question - if you need all that, just use Active Directory, assuming you are supporting Windows clients.

Neobyte
2

I think you could have a look at the open-source, LDAP v3 compliant Apache Directory server: http://directory.apache.org

1

As it was not mentioned yet, would 389 Directory Server be an alternative?

jeid
0

Samba 4, which is still beta, aims to be a strong alternative to AD.

Gnustavo
0

There is no open-source alternative that can do all that. Samba can do a useful subset. Why are you asking?

PowerApp101
0

If you're looking for something in the SOHO arena, then "SME Server" may do the trick.

http://wiki.contribs.org

I recently found it and have been playing with it on a test box. It seems pretty solid.

It will take care of all the normal stuff: file/print sharing, web, email and NAT.

It will also act as an old NT-style PDC.

A nice review can be found here: http://www.theregister.co.uk/2010/11/17/review_sme_server/

Corey
0

LDAP will provide you with an Active Directory alternative; however, there is not currently an alternative for Group Policy that I've found. I know someone else had said that OpenSSO will in the future, and I've heard the same thing about Samba. Like I said, though, currently there is not a Group Policy replacement. If you find one, though, don't hesitate to share.

  • LDAP is a protocol, and one that Active Directory utilizes. Are you referring to OpenLDAP? You are right however, that Group Policy is one of the main reasons why you would want to use AD. – HostBits Jul 29 '11 at 14:37
-1

The LDS (Lightweight Directory Service) service in Server 2008 is basically the same replication engine that AD uses, and you can set up users and groups inside the instance for authentication and authorization purposes. Just add it as a role from Server Manager after you install the OS.

BoxerBucks
  • Isn't this also called ADAM, an LDAP server in Windows, not associated with AD? – eckes Jun 19 '11 at 11:46
  • It was called ADAM prior to Server 2008. It is not AD, but uses much of the same underlying architecture that AD does. Here is a link to the overview - http://technet.microsoft.com/en-us/library/cc755080(v=ws.10).aspx – BoxerBucks Jun 20 '11 at 19:58
  • 1
    AD LDS does not fit here. It can NOT support the features that are requested by the OP. From the link you shared: "In addition, AD LDS does not support domains and forests, Group Policy, or global catalogs." – HostBits Jul 29 '11 at 14:39
-1

Have you looked at Resara Server? It's an open source Active Directory PDC and file server based on samba4. http://www.resara.org