3

Let's scope out an average setup:

  • Web company
  • About 50 users
  • A few User Groups (Management, Support, Developers, Sys-Admins, Testers, Sales)
  • A bunch of permissions (Only management is allowed to access sensitive business data, only administrators are allowed on production systems, etc. pp.)
  • Windows Workstations
  • Linux servers
  • Communication (Email, In-house IM, etc.)
  • A few Web Apps with native AAA (e.g. Mantis, Mediawiki, etc.)
  • A few URLs which need to be protected with Basic Auth
  • Maybe a few commercial applications from ISVs with LDAP connectors

Going with OpenLDAP in such an environment may be feasible but it sure isn't fun, especially when you're new to LDAP.

A standard answer would be Active Directory (given their Kerberos and LDAP backends they are even somewhat standards conform), but are there any different products which fit nicely in such an environment and might even have an advantage over AD or OpenLDAP?

Michael Renner
  • 1,750
  • 13
  • 17

4 Answers4

3

I know you are asking for alternatives but, with those requirements, and a small-to-medium business, I would just go with AD. It does everything you need, is easy to set up, and has a huge amount of support material available on the web for operational issues.

Neobyte
  • 3,177
  • 25
  • 29
  • 1
    Agreed. Active Directory for Windows workstations and Likewise Open to authenticate Linux machines against the AD make for a happy heterogeneous environment at my company – Matt Simmons May 31 '09 at 03:25
1

FreeIPA seems to undertake great efforts to provide exactly that. Haven't tried it until now but I've been following it's development and it seems to have a good understanding of what people need in "not so large" environments.

Also it's backed by RedHat so one could make an educated guess that there's some support in terms of developer resources there.

Btw:

Hi robe!

Martin M.
  • 6,428
  • 2
  • 24
  • 42
0

You can also look at Fedora DirectoryServer.

It's certainly not "fun" either - but it does have the advantage over OpenLDAP in that it's master-master, and not single-master-multiple-slave.

It comes from the old Sun application which was later open-sourced from memory, so it has been around for a while.

Xerxes
  • 4,133
  • 3
  • 26
  • 33
0

OpenLDAP isn't really that difficult to learn. You don't need to become a supreme ninja expert at it. I'm not, and I've managed directories for small businesses (startups with 2-20 employees, multiple groups and across multiple server environments, as well as internal corpoate usage).

I don't know the cost of AD, access licenses or any of that, but I imagine learning OpenLDAP sufficiently to manage your environment would cost less. Worst case it costs the same or maybe a bit more (in time, mainly), and you come out ahead by knowing a new-to-you technology :-).

jtimberman
  • 7,511
  • 2
  • 33
  • 42