OpenLDAP Alternative
NightShade03
Member Posts: 1,383 ■■■■■■■□□□
in Off-Topic
So I've been playing with this OpenLDAP server for a week now and I've managed to get it working, although I still can't figure out TLS integration. I have set up a CentOS Directory Server and it comes with a Java GUI + command line; took me 5 minutes to do that lol
Anyone know the differences between the two? I wouldn't want to invest time in OpenLDAP if CentOS-DS is easier, but I also want to make sure CentOS-DS is good to use.
Comments
-
darkerosxx
Banned Posts: 1,343
Directory Server is pretty well respected, I haven't heard of any problems with it.
Check out FreeIPA. I'm actually testing it now, they're supposed to have V2 ready to be released with RHEL6 (CentOS 6)
Main Page - Free IPA
-
Forsaken_GA
Member Posts: 4,024
Out of curiosity, what OS were you implementing OpenLDAP on?
If it's Debian, a large part of your TLS problems are probably coming from the fact that they started compiling OpenLDAP against libgnutls instead of libssl. I had a lot of problems with TLS until I recompiled it against libssl.
-
NightShade03
Member Posts: 1,383 ■■■■■■■□□□
CentOS 5.4.... The problem is the lack of documentation really and needing to figure things out without guidance (although it is a good way to learn).
The TLS issue specifically is that the clients refuse to connect to the server because the "CA is unknown" (I'm guessing which stems from a self signed certificate).
Been using CentOS-DS all day and it is pretty good so far.
-
sidsanders
Member Posts: 217 ■■■□□□□□□□
NightShade03 wrote: »
CentOS 5.4.... The problem is the lack of documentation really and needing to figure things out without guidance (although it is a good way to learn).
The TLS issue specifically is that the clients refuse to connect to the server because the "CA is unknown" (I'm guessing which stems from a self signed certificate).
Been using CentOS-DS all day and it is pretty good so far.
You need to distribute the CA cert to the clients. You can always create a CA, make a cert req--sign it. That way you won't have a self-signed cert (I try to avoid that). I'm a huge fan of OpenLDAP.
Forsaken_GA on gnutls --> ya, there have been some threads on OpenLDAP lists on how poopy the gnutls stuff can be.
GO TEAM VENTURE!!!!
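
The steps described in the last reply (create a CA, make a cert request, sign it, hand the CA cert to the clients), as an added example that is not part of the original thread. The CA names and `ldap.example.test` are constructed placeholders, and the hostname check goes one step beyond what the posts discuss.

```shell
#!/bin/sh
# Added example; CA names and ldap.example.test are constructed placeholders.
set -eu

# Step 1: a private CA (self-signed root). Only ca.crt is handed to clients.
make_ca() {            # $1 = output directory, $2 = CA common name
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=$2" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Step 2: key + cert request for the LDAP server, then sign it with the CA.
make_server_cert() {   # $1 = CA directory, $2 = server FQDN
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
    printf 'subjectAltName=DNS:%s\n' "$2" > "$1/san.ext"
    openssl x509 -req -in "$1/server.csr" -days 365 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -extfile "$1/san.ext" -out "$1/server.crt" 2>/dev/null
}

# Step 3: the client's check. It passes only when the server cert chains to a
# CA file the client holds and the name it connects to is in the cert.
client_trusts() {      # $1 = client's CA file, $2 = server cert, $3 = hostname
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

demo() {
    work=$(mktemp -d); mkdir "$work/mine" "$work/other"
    make_ca "$work/mine" "Example Lab CA"
    make_ca "$work/other" "Unrelated CA"
    make_server_cert "$work/mine" ldap.example.test
    for ca in mine other; do
        if client_trusts "$work/$ca/ca.crt" "$work/mine/server.crt" ldap.example.test
        then echo "client holding $ca/ca.crt: OK"
        else echo "client holding $ca/ca.crt: rejected (unknown CA)"
        fi
    done
    rm -rf "$work"
}
demo
# Server side (slapd.conf): TLSCACertificateFile, TLSCertificateFile,
# TLSCertificateKeyFile. Client side (ldap.conf): TLS_CACERT /path/to/ca.crt
```

Only `ca.crt` is copied to clients; `ca.key` and `server.key` stay on the machines that created them.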