Solved

LDAP server to centralize authentication on AIX

Posted on 2010-08-16
Last Modified: 2013-11-17
Hi again,

I'm planning to install an LDAP server to centralize all accounts of several AIX servers. I've worked before with OpenLDAP and Fedora Directory Server, but in a Linux environment. I'd like to hear opinions on what would be the best LDAP server to use in an AIX environment. I'd like to set up a redundant configuration.

Thanks.
0
Question by:sminfo
9 Comments
 
LVL 13

Expert Comment

by:George K.
ID: 33445104
Open source LDAP servers include:

Red Hat Directory Server/Fedora Directory Server. Red Hat Directory Server was initially bought from Netscape Security Solutions as a commercial product for Red Hat Enterprise Linux. Nowadays it is produced by Red Hat under the name Red Hat Directory Server. Following its policy, Red Hat also produced a version for Fedora Core. It is called Fedora Directory Server, which is perfect for distributions based on Red Hat. The code of these servers coincides greatly because of the common root. Unlike OpenLDAP, Fedora/Red Hat directory servers have good documentation.

OpenLDAP. OpenLDAP is the further development of the original slapd. It is widely distributed and used on many platforms like Linux, FreeBSD, Windows and MacOS X. The documentation on the website is quite obsolete, but there are many useful step-by-step instructions. OpenLDAP is time-tested. Its functionality is practically identical to Red Hat Directory Server.



Commercial LDAP Servers 


Novell eDirectory. All products are free for higher educational establishments. It works with the help of the following operating systems: Novell Netware, Windows (NT), Linux (SUSE Enterprise, or Red Hat), Solaris, AIX, HP-UX. You have everything in one product – all the necessary programs are given at once. Installation and customization are easy.
Advantages - exclusive documentation and affordable price, technical support for registered users and cross-platform function. Disadvantage – closed source files.

Microsoft Active Directory. It is a part of Windows Server family. It’s a perfect solution for MS networks. Advantages – perfect integration into the system, highly qualified documentation.

Sun Java System Directory Server. Sun merged with IPlanet Company and created its new product – Sun ONE, renamed afterwards to Sun Java System Directory Server. It is not a standalone product, but just a part of Java Enterprise System. System requirements: Solaris 10, Solaris 9, Solaris 8 (only for SPARC), Red Hat Enterprise Linux 2.1 and 3.1, HP-UX 11i, Microsoft Windows 2000, XP, 2003. You cannot buy it apart from Java Enterprise System. But if you decide to use a complex solution from Sun, you won’t have any problems. Sun engineers will help you to install and configure it according to your requirements.

IBM Tivoli Directory Server. LDAP solution from IBM. It is supported by the following operating systems: AIX, Solaris, Microsoft Windows 2000, HP-UX, and also Linux for Intel and IBM eServer iSeries, pSeries and zSeries. Advantage – qualified, open and free for all documentation.

Here is the link too: http://www.morphosppc.com/article/ldap-servers/
I would go with the IBM solution, having in mind the above, but also the stability of the whole system.
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 33445188
Hi,
alas I don't work with LDAP in our AIX environment, but
1) As far as I know AIX machines can be clients of LDAP servers such as Fedora or openldap without a problem.
2) There is of course an IBM/Tivoli solution, the "IBM Tivoli Directory Server" - http://www-01.ibm.com/software/tivoli/products/directory-server/
It's not part of AIX, and thus payable, of course (and it's NOT really cheap, ~ EUR 10.000 per POWER5 core).
wmp
0
 

Author Comment

by:sminfo
ID: 33445510
Hi georgekl,

I was taking a look at IBM Tivoli, but I think it's too expensive knowing the situation in our enterprise. Have you tested any open-source solution in an AIX production environment? We have MS Active Directory, but I'm not sure if the Windows admins are willing to make changes in the schema to serve all AIX servers. So, I'd like to look for something on Unix/Linux and if possible free :-). I've worked with Fedora DS, but I'm not sure if it's ready for AIX servers.
0
 

Author Comment

by:sminfo
ID: 33446004

wmp, any experience on using openldap or FDS?
0
 
LVL 13

Accepted Solution

by:
George K. earned 250 total points
ID: 33448480
I have experienced FDS working great, although I have not personally set it up; we had no problems since it was up and working.
0
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 250 total points
ID: 33448520
I think this Redbook "Integrating AIX into Heterogeneous LDAP Environments"
could help you a lot - http://www.redbooks.ibm.com/redbooks/pdfs/sg247165.pdf
0
 
LVL 5

Expert Comment

by:balasundaram_s
ID: 33448564
I'd prefer to go with OpenLDAP on SUSE for both primary and secondary LDAP servers, and then configure AIX servers as LDAP clients. If this environment is very big, you may consider configuring multiple secondary LDAP servers.
0
 

Author Comment

by:sminfo
ID: 33462197
Hi georgekl,

Sorry for the delay. You said you have used FDS, but I'm asking whether you used it in an AIX environment. Do you have AIX authenticating with an FDS server without problems?
0
 
LVL 13

Expert Comment

by:George K.
ID: 33462381
yes
0
