Fedora Directory Server

So one of the things I need to set up at $JOB_2 is some kind of unified bag o' passwords…which, since I hate NIS, pretty much means LDAP. This is the first chance I've had to set up an LDAP system from scratch, rather than either being afraid to try or being stuck with (and, sadly, contributing to the further divergence of) a mishmash of semi-borked LDAP servers.

I've been trying out Fedora Directory Server the last few days, and so far I'm pretty happy with it. It's nice to have the luxury of learning what the hell I'm doing before it all goes live, of screwing up a bunch of times on a non-production system.

Likes: Welp, it's a lot like Sun's Directory Server…at least as far as the logging and console go, anyhow. Not surprising, given the heritage. You can automate installation by giving it a configuration file — something I didn't realize you could do with Sun's DS.

Other likes: PHPLDAPAdmin is nice. The latest version has E-Z-Reed XML templates for things like account creation, meaning I can keep my ignorance of JavaScript intact. (Hurray!)

Minor irritants: there are a few. First off, there are no RPMs for CentOS 5 for the 1.1 series; you have to jump through some hoops to get the FC6 RPMs of 1.1 installed. I'd originally tried the 1.0 series on Debian, and hadn't realized that the 1.1 series does not include the org chart or E-Z-Account-Maker web app. (This is where y'all can go, "Muffin!")

Third, I'm so far not able to get the automated installation working…can't figure out why. Not terribly important, since $JOB_2 is small and likely to stay that way; a couple of servers is likely to be the max. But installation of this thing, just like with Sun DS, has lots of knobs that you can twiddle if you want, and part of the problem with the mishmash at $JOB_1 is that no one ever standardized the settings — never wrote down the answers to the questions, or scripted it, or came up with a config file, or anything. And it's hellish if you want to add another install to the mix.

Anyhow…so far it's cool. I've been playing with it on a machine at $JOB_2 plus an installation of CentOS 5 on my laptop. Still to learn: SSL, replication, and (maybe) multi-master replication.

(Incidentally, I'm surprised that there isn't a more recent version of O'Reilly's LDAP Administration by Gerald Carter. Yes, there's still OpenLDAP and I don't imagine it's changed very much (feel free to correct me), but something that included Fedora DS, and maybe (maybe) OpenDS would be good.)

(And speaking of Sun gossip, I've been meaning to mention this for a while…and now this.)