When you want to set up an application, most likely you will need to create an administrative account and add users with different privileges. This scenario happens frequently with content management, wiki, file sharing, and mailing lists as well as code versioning and continuous integration tools. When thinking about user and group centralization, you will need to select an application that fits your needs.
If the application can connect to a Single Sign On server, users will be happy to remember only one password.
In the proprietary landscape of directory servers, Active Directory is the dominant tool, but there are directory servers that can also satisfy your needs. The LDAP protocol is the base for all the directory servers, independently of how they are implemented. This protocol is an industry standard and allows you to create, search, modify, and delete your users or groups. And, if the application is able to connect to an LDAP server, you will not have to be concerned with understanding the protocol.
OpenLDAP
The most famous LDAP server, which you can find already packaged in many Linux distributions, is OpenLDAP. It is released under the OpenLDAP Public License, with good documentation and worldwide commercial support. With OpenLDAP you can secure the communication and define privileges for your users. Because OpenLDAP is a command line tool, you can consider setting up phpLDAPadmin, a web application that lets you view and modify the structure of your organization from your browser. If you find setting up and configuring OpenLDAP difficult, you may find ApacheDS and OpenDJ easier, as they are both LDAP servers running on Java.
ApacheDS
ApacheDS complies with the latest version of the LDAP protocol and is released under the Apache license. Although you can use the OpenLDAP command line with it, ApacheDS ships together with Apache Directory Studio, a client application that allows you to easily manage your users and groups. For the setup, ApacheDS provides different installers for Windows, Mac OS X, and Linux. Further, if you are looking for an open source Identity Server, you might discover that the WSO2 Identity Server has ApacheDS built in to manage users.
OpenDJ
OpenDJ is a fork of a former project, OpenDS, and shares its roots with the Oracle Unified Directory, as it was inherited from Sun Microsystems. After Sun was acquired by Oracle in 2010, OpenDJ was designed to replace Sun Directory Server. OpenDJ is released under the CDDL license and, like OpenLDAP, has good documentation and worldwide commercial support. OpenDJ is in active development, and ongoing activity is reflected in the roadmap. The OpenDJ team provides not only a client application to manage the server but also OpenAM, which provides Single Sign On, authorization, federation, and more.
389 Directory Server
The 389 Directory Server is a Red Hat product (also provided under the name Red Hat Directory Server on top of the Red Hat Enterprise distribution). It is mostly licensed under the GPL, with some components under different licenses. The directory server is in active development and is packaged for the Fedora and Red Hat distributions, although you can obtain it for other Linux distributions as well. The 389 Directory Server also has a graphical interface that can be used for administration. If you need more services, such as a Certification Authority, authentication, and integration with Active Directory, check out FreeIPA, which is based on 389.
OpenLDAP, ApacheDS, OpenDJ, and 389 Directory server all allow you to establish secure communication and define privileges for your users; they also have strong encryption methods for storing user passwords.