389 Directory Server

from Wikipedia, the free encyclopedia
Basic data

Maintainer: Fedora Project
Developer: Fedora Project
Publishing year: 2005
Current version: 1.4.3.4 (March 16, 2020)
Operating system: Unix derivatives, Linux
Programming language: C, Java, Perl, Bourne shell
License: MPL / LGPL / GPL / Apache, depending on the component
German speaking: No
Directory Server at Fedora Project

389 Directory Server (389 DS, formerly Fedora Directory Server) is a free LDAP server. It is an evolution of the Netscape Directory Server, an LDAP server that Red Hat bought from AOL in 2004. Before that, the software belonged to Netscape Communications. The software has been developed continuously since its beginnings at the University of Michigan in 1996. 389 Directory Server is free software under the GNU General Public License.

Functionality and properties

389 Directory Server supports:

  • Multi-master replication
  • Synchronization with Active Directory
  • Secure authentication systems (SSL/TLS and SASL)
  • LDAP version 3
  • Authorizations (ACI = Access Control Information)
  • Roles

From version 1.1:

  • Automatic user and group number generator (UID / GID number generator)
  • LDAP direct connections (LDAPI)

The server also offers a graphical, Java-based console that requires its own administration server in addition to the actual directory server. The platform-independent program allows servers to be created and deleted, started and stopped, configured, and much more. There is extensive documentation for the server: online help in the console, PDF books from Red Hat, HowTos and the wikis on the project website.

The project

With this project, Red Hat is pursuing a strategy similar to that of Fedora, the well-known Linux distribution. There is the 389 / Fedora Directory Server under the GPL and the Red Hat Directory Server with commercial support. The main differences between the two products are the slightly easier installation and the professional support of the business variant. As with RHEL, Red Hat puts its instructions on the website free of charge for everyone, and they can be transferred almost completely to the Fedora version.

The entire earlier Netscape Enterprise Suite included a mail server, an application server and a calendar server. These have not yet been released as open source. In 2005, Red Hat announced that it would open more products. Whether this will happen for the application server, for example, is uncertain: Red Hat supports WildFly, and Sun Microsystems is already developing it further under the GlassFish project. The certificate service is supported with its own project, the Dogtag Certificate System.

Versions

The first release 7.1 (version number from the Netscape era) formed the basis for the Red Hat Directory Server 7.

After the first fully open version 1.0.0, which only ran with a time limit (120 days), versions 1.0.1 to 1.0.4 were released with minor bug fixes and improvements (e.g. support for more password encryption techniques). They were adapted to the newly released Fedora and Red Hat Enterprise Linux distributions and packaged for them.

Since version 1.1 in 2007, the installation packages have only been available via the Fedora Extra Repository or a separate directory server repository using YUM. The now completed version 1.1 includes:

  • Selective installation of components through several packages
  • FHS locations in the system
  • Improved installation
  • Easy migration from 1.0.x
  • Init scripts
  • Improvements in interoperability with Samba (especially version 4)
  • Bug fixes in the console and removal of old components of the admin server

Fedora 6 to 10 and RHEL 5 from Service Level 1 are supported as platforms. In parallel, there is now Red Hat Directory Server 8.

Compatibility / interoperability

The also popular Sun Java System Directory Server emerged in 2001 from a branch of the project, out of the then iPlanet alliance between Netscape and Sun. This allowed the 389 and Sun servers, as well as older Netscape server variants, to be connected for replication purposes. In the meantime, the Sun server has been replaced by Oracle's Java-based Oracle Unified Directory (OUD), making these solutions obsolete.

Synchronizing user data with Microsoft's Active Directory and NT4 is supported.

With OpenLDAP, one-way replication to the 389 server can take place via slurpd. It makes sense to enable the latter for read-only access. Replication the other way around, again only in one direction, should theoretically also be possible, but the procedure has not yet been documented.

It is different with Novell eDirectory: there is no interoperability (apart from the LDAP protocol).

389 is part of Red Hat's FreeIPA (identity, policy, audit), which offers a lot more besides the directory (Kerberos, policies, a more convenient interface ...). Use of FreeIPA is usually preferable to 389 alone, as it already offers complete identity management (IDM).

Literature

  • Daniel Kobras, Mark Pröhl: Challenges when switching from OpenLDAP to 389 DS. In: iX. No. 3, 2020, p. 88–91 (heise.de [accessed on February 22, 2020]).
