Linux Directory Services

Dave Sullivan

Sep 14, 2006, 3:54:32 PM
to ubuntu-...@googlegroups.com
Hey Guys,

On a totally unrelated note from the SFD project, I'm looking for
someone who's familiar with Kerberos, LDAP, and Python (or has an
interest in learning them). I'm currently working on plans for a
distribution-independent open source directory service for Linux --
kinda like Red Hat Directory Services or Novell eDirectory, but again,
distro-independent and open source. From my research, there's no
unified, easy-to-setup-and-use package like this for Linux.

If any of you know of a package like this that exists, let me know and
I'll know to scrap the project. If not, bonus! If any of you guys are
interested in joining the project, or know of someone who may, let me
know.

Thanks!

--
Dave Sullivan <demsu...@gmail.com>
http://wiki.ubuntu.com/DaveSullivan
http://daves-pgp-key.doesntexist.com/

Blaine Horrocks

Sep 14, 2006, 4:28:55 PM
to ubuntu-...@googlegroups.com
Dave,

It depends on what you want to achieve with the directory. I'd
recommend thinking about using OpenLDAP with a SASL hook for Kerb.
That's basically what Apple did in Mac OS X Server and it would avoid
reinventing the wheel. The SASL stuff can be a pita from the
implementation side.

The basics using PAM and LDAP for identity mgmt at the OS level are
all there.

Speaking from past experiences, LDAP sucks. It's brittle, hard to
get right, the protocols are arcane and don't always interop
correctly. Problems outside the basic user/email/address stuff
become awkward. The servers don't tend to scale well.
Management tools are weak, and tied to the implementation.

Blech. Shivers. Time for a gravol.

Still, if you (and your nascent team) could do as well as Apple has,
it could be handy.

Many (most?) identity management solutions use a private API and a
SQL database. You could even put an LDAP front on it like MS did for
ADS.


Not that I'm suggesting ADS as a paragon of virtue.

Cheers

Blaine

Dave Sullivan

Sep 14, 2006, 5:23:44 PM
to ubuntu-...@googlegroups.com
I was definitely going to use a SASL hook for Kerberos with PAM and such
for single sign-on services, but I never considered using SQL as the
backend, rather than LDAP. That might be worth looking into, considering
I'm already familiar with SQL. As of yet, I don't have a nascent team..
it's just me. That's why I posted the request for help.. to see if I can
get a partner or two to develop this.

Dave
