Top 4 open source LDAP implementations | Opensource.com

Posted 28 May 2014 by 


When you want to set up an application, most likely you will need to create an administrative account and add users with different privileges. This scenario happens frequently with content management, wiki, file sharing, and mailing lists as well as code versioning and continuous integration tools. When thinking about user and group centralization, you will need to select an application that fits your needs.

If the application can connect to a Single Sign On server, users will be happy to remember only one password.

In the proprietary landscape of directory servers, Active Directory is the dominant tool, but there are other directory servers that can also satisfy your needs. The LDAP protocol is the basis for all directory servers, regardless of how they are implemented. This protocol is an industry standard and allows you to create, search, modify, and delete your users or groups. And, if the application is able to connect to an LDAP server, you will not have to be concerned with understanding the protocol.

OpenLDAP

The most famous LDAP server, which you can find already packaged in many Linux distributions, is OpenLDAP. It is released under the OpenLDAP Public License, with good documentation and worldwide commercial support. With OpenLDAP you can secure the communication and define privileges for your users. Because OpenLDAP is administered from the command line, you can consider setting up phpLDAPadmin, a web application that allows you to see and modify the structure of your organization within your browser. If you find setting up and configuring OpenLDAP difficult, you may find ApacheDS and OpenDJ easier, as they are both LDAP servers running on Java.

ApacheDS

ApacheDS respects the latest version of the LDAP protocol, and it is released under the Apache license. Although you can use the OpenLDAP command line, ApacheDS is shipped together with Apache Directory Studio, a client application, which allows you to easily manage your users and groups. For the setup, ApacheDS provides different installers for Windows, Mac OS X, and Linux. Further, if you are looking for an open source Identity Server, you might discover that the WSO2 Identity Server has ApacheDS built in to manage users.

OpenDJ

OpenDJ is a fork of the former OpenDS project and has similar roots to Oracle Unified Directory, as it was inherited from Sun Microsystems. After Sun was acquired by Oracle in 2010, OpenDJ was designed to replace Sun Directory Server. OpenDJ is released under the CDDL license and, like OpenLDAP, has good documentation and worldwide commercial support. OpenDJ is in active development, and ongoing activity is reflected in the roadmap. The OpenDJ team provides not only a client application to manage the server but also OpenAM, which provides Single Sign On, authorization, federation, and more.

389 Directory Server

The 389 Directory Server is a Red Hat product (also provided under the name Red Hat Directory Server on top of the Red Hat Enterprise distribution). It is mostly licensed under the GPL, with other components under different licenses. The directory server is in active development and is packaged for the Fedora and Red Hat distributions, although you can obtain it for other Linux distributions as well. The 389 Directory Server also has a graphical interface that can be used for administration. If you need more services, such as a Certification Authority, authentication, and integration with Active Directory, check out FreeIPA, which is based on 389.

OpenLDAP, ApacheDS, OpenDJ, and 389 Directory server all allow you to establish secure communication and define privileges for your users; they also have strong encryption methods for storing user passwords.
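To check how passwords are actually stored in a directory, you can audit an LDIF export. The following is an added example, not code from the article or from any of the four projects: it assumes `userPassword` values carry RFC 2307-style `{SCHEME}` prefixes and that LDIF lines are not folded, and the function names and sample entries are constructed for illustration.

```python
import base64, hashlib, hmac, re

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9_-]+)\}")
UNSALTED = {"MD5", "SHA"}  # digest schemes with no per-user salt

def make_ssha(password: bytes, salt: bytes) -> str:
    """Build a {SSHA} value: base64(SHA-1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def verify_ssha(stored: str, password: bytes) -> bool:
    """Recompute the digest using the salt stored after the 20-byte SHA-1 output."""
    blob = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = blob[:20], blob[20:]
    return hmac.compare_digest(hashlib.sha1(password + salt).digest(), digest)

def classify(value: str) -> str:
    """Return 'cleartext', 'unsalted:<SCHEME>' or 'hashed:<SCHEME>'."""
    m = SCHEME_RE.match(value)
    if not m or m.group(1).upper() == "CLEARTEXT":
        return "cleartext"
    scheme = m.group(1).upper()
    return ("unsalted:" if scheme in UNSALTED else "hashed:") + scheme

def audit(ldif: str) -> dict:
    """Map each entry's DN to the storage class of its userPassword value."""
    findings, dn = {}, None
    for line in ldif.splitlines():
        low = line.lower()
        if low.startswith("dn: "):
            dn = line[4:]
        elif low.startswith("userpassword:"):
            raw = line[len("userpassword:"):]
            if raw.startswith(":"):  # "::" means the value is base64-encoded
                value = base64.b64decode(raw[1:].strip()).decode("utf-8", "replace")
            else:
                value = raw.strip()
            findings[dn] = classify(value)
    return findings

# Constructed sample export; entries and passwords are made up for this example.
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=people,dc=example,dc=org",
    "userPassword:: " + base64.b64encode(make_ssha(b"correct horse", b"\x01\x02\x03\x04").encode()).decode(),
    "dn: uid=bob,ou=people,dc=example,dc=org",
    "userPassword: hunter2",
    "dn: uid=carol,ou=people,dc=example,dc=org",
    "userPassword: {MD5}" + base64.b64encode(bytes(16)).decode(),
])

if __name__ == "__main__":
    for entry, verdict in audit(SAMPLE_LDIF).items():
        print(f"{entry}: {verdict}")
```

Entries reported as `cleartext` or `unsalted:` are the ones to migrate to a salted scheme supported by your server.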

15 Comments

marxjohnson
Open Minded

Shouldn't this be called "Open source implementations of LDAP" or "Open source alternatives to Active Directory"? The article correctly describes that LDAP is just the protocol, but the title is confusing and possibly misleading.

Emidio Stani
Open Minded

Hello Mark, I agree with you, currently I am experiencing some login problem, as soon as it is solved, I will change it.

Best,

Emidio

Emidio Stani
Open Minded

Hello, I fixed the title :-)

marxjohnson
Open Minded

Great, thanks!

adingman
Open Enthusiast

No mention of FreeIPA? Admittedly, the LDAP implementation is 389 Directory Server, but if you're discussing GUI tools and Active Directory it seems like a good fit. IPA installation is extremely easy, comes with an HTML management GUI, and gives you useful pre-integrated services like Kerberos, a CA, optional management of your DNS, and so-on. For most people who might consider deploying a new directory, it should be a strong contender. I think it's easier and more full-featured than anything mentioned in the article.

Emidio Stani
Open Minded

Thank you Andrew, for reporting it and sharing it, being a Red Hat product I am sure it is a good product. I will have a better look and add it.

adingman
Open Enthusiast

You're most certainly welcome. I'd also hasten to point out that FreeIPA is an open source project, and as such no more "Red Hat's" than 389 or Fedora - my employer pays a lot of people to work on it, but it's hardly proprietary. There's also no extra charge for it as a RHEL component, so there's no sale for me to try to drive with the comments. I just like it.

Malcolm Thompson

" you can consider setting up phpLDAPAdmin" --

For managing OpenLDAP, mention should also be made of the web interface LDAP Account Manager (LAM).

Home Page of LAM is at

Emidio Stani
Open Minded

Hello Malcolm, thanks for mentioning it. The article is more based on the LDAP servers, and as far as I can see LAM is based on phpLDAPAdmin.

Brad Hards

No mention of Samba4?

Emidio Stani
Open Minded

Hello Brad,

Indeed, Samba4 is quite interesting; I will keep an eye on it.

Brandon

Hello!

I want to use LDAP and am learning a lot about it at the moment. Is it useful to use it? All the documentation I found is from 2001 or something. Will LDAP be outdated in the next few years, or have other architectures been released in the meantime? I am thinking about migrating a project to LDAP and wonder whether it is a modern method.

Emidio Stani
Open Minded

Hello Brandon,

LDAP is a famous and stable protocol that is used a lot at the corporate level; much software, like Drupal, Jenkins, Nexus, ownCloud, Atlassian Suite, Redmine, Apache, PAM, and Postfix, supports it. Of course there can be new protocols around, for example REST APIs, but the concept is always the same. The difference among the various software is the level of extension they provide; for example, ApacheDS and OpenDJ support various password encryption methods, which could be one of your requirements if you previously saved passwords in a particular format and you don't want to ask your users to change their password as soon as an LDAP server is installed. For me LDAP is the natural choice as soon as new software needs to be installed, since only a few of them can act as Single Sign On clients, so you want to make sure of at least user centralization.

Brandon

Thanks,

Your answer is very helpful for me!

Onno

OpenLDAP only has the strong encryption if you are willing to become an OpenLDAP developer. You will have to create your own distribution of OpenLDAP, compile from source, package and so forth.

It is not included in the default install. By default, the password will be stored in plain text.
