This site is now 100% read-only, and retired.

Which Directory Service do you use for your network?

Submitted by debianuser0 on Tue 15 Jul 2008

None  <-> 21% 185 votes
NIS  <-> 4% 41 votes
LDAP  <-> 22% 189 votes
LDAP + Kerberos  <-> 7% 61 votes
Samba  <-> 20% 174 votes
Active Directory  <-> 20% 171 votes
eDirectory  <-> 1% 16 votes
other  <-> 1% 16 votes
Total 853 votes

 

 

 

Re: Which Directory Service do you use for your network?
Posted by Anonymous (83.187.xx.xx) on Tue 15 Jul 2008 at 20:46
I voted for "other" since SSHFS wasn't listed.

[ Parent ]

Re: Which Directory Service do you use for your network?
Posted by chris (193.30.xx.xx) on Wed 16 Jul 2008 at 11:44
[ View Weblogs ]
I'm confused. sshfs is a file system over ssh rather than a Directory Service isn' it?

[ Parent ]

Re: Which Directory Service do you use for your network?
Posted by GhostR (217.237.xx.xx) on Wed 16 Jul 2008 at 14:09
[ View Weblogs ]
hehe, good one! they asked for directorys, so I save my pron on sshfs :)
good its by anonymous would be embarising. But ok, nobody is perfect!

to be honest, I voted AD since we run win2k3 domains, so I usually join sambas and firewalls etg to the MS AD.

for other projects and privat ones I prefer ldap. back in the day novell.... muhaaa

[ Parent ]

Re: Which Directory Service do you use for your network?
Posted by debianuser01 (91.63.xx.xx) on Thu 17 Jul 2008 at 20:15
[ View Weblogs ]

Hi altogether,

if you selected "other", please explain what it is.

It's sad but true, MS Active Directory seems to be the easiest, most secure solution to handle a small to medium size(20-30) bunch of users and their machines(?)
It brings all the needed technologies under one cup.

LDAP + Kerberos is more complicated to setup separately.
I installed the combination under OpenSuse using mix of the Yast Interface and the steps in the manual and it was very error prone and the whole procedure looks premature.
Made also installations under debian with only a few machines. Took also a while.
Routine operations are not supported in a user friendly way (Mean things like adding or removing users and resources etc).
I tried webmin as frontend. But that's
no permanent solution either.

Is there a secure, comfortable, robust, enterprise approved open source all in one package for the tasks of user and resource management and all associated stuff?
I mean including installation and configuration of kerberos and ldap for example.

Okay, a step by step manual that 100% works would be enough.
For a secure(TLS/SSL) LDAP Setup alone it's taking quite a lot of time to find one.
(Think of generating Certs using openssl, what a turd, there are 10^32 different descriptions and none really works out of the box)

I tried:

- passwd/shadow, distributed with rdist > doesn't scale + unsecure³> NO SOLUTION
- NIS, easy to setup, sometimes strange unpredictable behaviour when used in a master / slave configuration. Beside that, insecure -> NO SOLUTION
- LDAP alone: a bit more difficult to setup. Without encryption also unsecure.
--> NO SOLUTION
- LDAP + Kerberos: difficult² to setup. insufficient comfortable support for all days tasks.
--> BARELY SOLUTION

So our windows AD admins laughing at me.
they have a nice interface, easy to setup(a drunken ape could operate on it) and the whole thing is more secure than a hand weaved solution.
the dictum i heard most often last time was:
"open source is only for free if your time is worth nothing"
And in a way I recognize what they mean.

Any example to prove the opposite?

desperate,

Josh

[ Parent ]

Re: Which Directory Service do you use for your network?
Posted by atrixnet (64.39.xx.xx) on Thu 17 Jul 2008 at 21:40
[ View Weblogs ]
I'm hearing really good things about fedora directory.
http://directory.fedoraproject.org/

[ Parent ]

Re: Which Directory Service do you use for your network?
Posted by Anonymous (91.63.xx.xx) on Thu 17 Jul 2008 at 21:57
i'll give it a try.
thank you!

[ Parent ]

Re: Which Directory Service do you use for your network?
Posted by Thorsten (84.58.xx.xx) on Fri 18 Jul 2008 at 22:59
etch installation howto for this:
http://hannibal.solstice.nl/hannibalwiki/doku.php?id=hannibal:fds

It`s on my todo - looks really interestring.
7horsten

[ Parent ]

Re: Which Directory Service do you use for your network?
Posted by Anonymous (85.22.xx.xx) on Mon 21 Jul 2008 at 10:12
I use a combination of the smbldap-tools and ldap-account-manager packages with OpenLDAP and Samba, together with some wrapper scripts for common tasks. Still a lot steps to set up for the first time, but once you got it, you can easily copy the configuration to other machines.

[ Parent ]

Re: Which Directory Service do you use for your network?
Posted by Anonymous (202.7.xx.xx) on Fri 18 Jul 2008 at 23:53
I voted LDAP but our primary DS is Open Directory on OS X Leopard Server (which seems to just be a rebranded openldap, using objectclass schemas that aren't even compatible with its own Mac applications :) ). Most of the Linux servers (Zimbra, other stuff like Request Tracker, GLPI) hook into it via LDAP for authentication.

[ Parent ]

Re: Which Directory Service do you use for your network?
Posted by Anonymous (80.251.xx.xx) on Sun 20 Jul 2008 at 10:43
CowbolNeal Directory!

[ Parent ]

Re: Which Directory Service do you use for your network?
Posted by Anonymous (82.192.xx.xx) on Sun 20 Jul 2008 at 15:22
SAN Storage (NFS/CIFS) on our NetApp FAS platform.

[ Parent ]

Re: Which Directory Service do you use for your network?
Posted by lykwydchykyn (68.19.xx.xx) on Tue 22 Jul 2008 at 05:03
[ View Weblogs ]
I work with eDirectory at work, though not by choice. Still, given the options I might have chosen it, objections to Novell notwithstanding. Our biggest problem is that the LDAP structure created by Novell's tools have changed so much in the years since the whole thing was first set up, you can never quite count on any object having the property you need or not having a duplicate. For instance, half the user accounts don't have a UniqueID because they were created with old tools (NWadmin), and several of them have duplicate UniqueIDs (so much for the "unique" part).

I'm sure if it were re-done from scratch with current tools, it'd be much more manageable. As for AD, I've worked with it just enough to know that it very quickly gets out of hand, especially if you start monkeying with policies.

[ Parent ]

Re: Which Directory Service do you use for your network?
Posted by debianuser01 (91.63.xx.xx) on Tue 22 Jul 2008 at 19:34
[ View Weblogs ]

Usermanagement is no uncommon task. Why is there no free, simple and secure way to proceed yet? One working bullet proof solution would be enough.
maybe fedora-ds helps - i did not really checked out yet. cause it's seems to need a setup fedora system. Anyone successfully tried that hannibal project above?

bye, josh

Josh

[ Parent ]

Re: Which Directory Service do you use for your network?
Posted by lykwydchykyn (68.19.xx.xx) on Wed 23 Jul 2008 at 04:00
[ View Weblogs ]
I think part of the problem is that everyone wants to create the end-all-be-all enterprise-grade AD killer rather than something simple and useful for the "average user". I mean, OpenLDAP is a pretty open-ended system -- it's pretty generic. It's meant to be. What is needed for it to get more usage is a tool where you can get a good solid "average organization" schema going without really knowing what you're doing. I know that sounds bad to some people, but personally I find it easier to learn something if I can be handed a basic, mostly-good configuration which I can go in and tweak as I understand the need for it.

That seems to be what the commercial solutions have going for them.

[ Parent ]

Re: Which Directory Service do you use for your network?
Posted by Anonymous (192.167.xx.xx) on Thu 24 Jul 2008 at 15:04
i use active directory for accounts and samba for phisical directory.

[ Parent ]

Re: Which Directory Service do you use for your network?
Posted by johns (84.208.xx.xx) on Fri 25 Jul 2008 at 09:36
[ View Weblogs ]
Does anyone know of good documentation for setting up LDAP + Kerberos?
Or if any of the people who voted "LDAP + Kerberos" have the time, I'm sure an article about it would make a good addition to the site.

[ Parent ]