12

I have taken a look at the installation and configuration instructions for the newer OpenLDAP releases and decided that it's too much work to set up for my small userbase. Basically, I only use LDAP to synchronize user accounts on a small number of machines (ok, this does not really require a directory server) and to give those users access to some web-based tools, avoiding the need to create user accounts in several places.

Can you recommend a small, simple LDAP server for use on *nix systems?

My only requirements are the ability to serve up PosixAccount and Group objects via LDAP.

jstarek
  • 2
    While these are complicated systems, you don't need to expose yourself to the deep complexity unless you are having performance problems. OpenLDAP has reasonable defaults. Other projects really are just as complicated even if they try to hide it. – Jeff Strunk Nov 25 '11 at 15:06
  • Shopping Questions are Off-Topic on any of the [se] sites. See [Q&A is hard, lets go Shopping](http://blog.stackoverflow.com/2010/11/qa-is-hard-lets-go-shopping) and the [FAQ] for more details. – Chris S Oct 26 '12 at 13:09

5 Answers

7

Using the pre-configured OpenLDAP system of just about any Linux distribution will do most of the work of configuring OpenLDAP for you. Creating a very basic LDAP system in, e.g., Ubuntu should not take more than 30 min, and there are easy-to-follow guides available for this.

Sven
  • 7
    Technically, you're correct, but I prefer to work with software that I understand fairly completely. From OpenLDAP's Admin Guide, I get the impression that any 30 minute installation would have to involve copy-pasting stuff from tutorial sites, which I try to avoid. – jstarek Nov 25 '11 at 11:52
  • 3
    +1 for that attitude! – pfo Nov 25 '11 at 14:05
2

There was a tinyldap effort, but there also exists OpenBSD's ldapd(8). I have no working experience with either, though.

adamo
  • 1
    Quoting the tinyldap site with news from 2006(!): `The only thing missing for a release is write support.` I guess you can forget about that one. – Sven Nov 25 '11 at 11:42
  • I added tinyldap for completeness and for the hack of it. If anyone saw it they might decide to fork a version. – adamo Nov 25 '11 at 21:01
1

389ds, formerly known as "Fedora Directory Server", is an alternative; it comes with a GUI and is documented. You don't need to mess with "cn=config" stuff.

pfo
1

While testing the systems you suggested, I also came across OpenDS and thought I'd add it here for the record.

However, I was not entirely happy with any of them and ended up doing what I tried to avoid, namely just setting it up using SuSE's YAST (which, by the way, provides rather good integration of administration and population of the directory).

jstarek
  • 1
    As far as learning is concerned, using Yast is about the worst you can do (IMHO) because it shields everything from the user's view and you don't learn what happens in the background. – Sven Dec 02 '11 at 15:52
1

Do you need a small or a simple server? If you need simple, 389DS (fedora-ds, redhat-ds) is better. If you need a small server, OpenLDAP is the smallest I have ever seen (my server consumes 35M RAM and contains about 1k objects).

Paul Rudnitskiy