LDAP server to centralize authentication on AIX

Posted on 2010-08-16
Last Modified: 2013-11-17
Hi again,

I'm planning to install an LDAP server to centralize all accounts of several AIX servers. I've worked before with openldap and fedora directory service but on a Linux environment. I'd like to hear opinions on what would be the best LDAP server to use on an AIX environment. I'd like to set up a redundant setup.

Question by:sminfo
LVL 13

Expert Comment

by:George K.
ID: 33445104
Open source LDAP servers include:

Red Hat Directory Server/Fedora Directory Server. Red Hat Directory Server was initially bought from Netscape Security Solutions as a commercial product for Red Hat Enterprise Linux. Nowadays it is produced by Red Hat under the name Red Hat Directory Server. Following its policy, Red Hat also produced a version for Fedora Core. It is called Fedora Directory Server, which is perfect for distributions based on Red Hat. The code of these servers coincides greatly because of the common root. Unlike OpenLDAP, Fedora/Red Hat directory servers have good documentation.

OpenLDAP. OpenLDAP is the further development of the original slapd. It is widely distributed and used on many platforms like Linux, FreeBSD, Windows and MacOS X. The documentation contained on the website is quite obsolete, but there are many useful step-by-step instructions. OpenLDAP is time-tested. Its functionality is practically identical to Red Hat directory server.

Commercial LDAP Servers 

Novell eDirectory. All products are free for higher educational establishments. It works with the following operating systems: Novell Netware, Windows (NT), Linux (SUSE Enterprise, or RedHat), Solaris, AIX, HP-UX. You have everything in one product – all the necessary programs are given at once. Installation and customization are easy.
Advantages – exclusive documentation and affordable price, technical support for registered users and cross-platform function. Disadvantage – closed source files.

Microsoft Active Directory. It is a part of Windows Server family. It’s a perfect solution for MS networks. Advantages – perfect integration into the system, highly qualified documentation.

Sun Java System Directory Server. Sun merged with IPlanet Company and created its new product – Sun ONE, renamed afterwards to Sun Java System Directory Server. It is not a standalone product, but just a part of Java Enterprise System. System requirements: Solaris 10, Solaris 9, Solaris 8 (only for SPARC), Red Hat Enterprise Linux 2.1 and 3.1, HP-UX 11i, Microsoft Windows 2000, XP, 2003. You cannot buy it apart from Java Enterprise System. But if you decide to use a complex solution from Sun, you won't have any problems. Sun engineers will help you to install and configure it according to your requirements.

IBM Tivoli Directory Server. LDAP solution from IBM. It is supported by the following operating systems: AIX, Solaris, Microsoft Windows 2000, HP-UX, and also Linux for Intel and IBM eServer iSeries, pSeries and zSeries. Advantage – qualified, open and free for all documentation.

Here is the link too:
I would go with IBM solution having in mind the above, but also stability of the whole system.
LVL 68

Expert Comment

ID: 33445188
Alas, I don't work with LDAP in our AIX environment, but
1) As far as I know AIX machines can be clients of LDAP servers such as Fedora or openldap without a problem.
2) There is of course an IBM/Tivoli solution, the "IBM Tivoli Directory Server" -
It's not part of AIX, and thus payable, of course (and it's NOT really cheap, ~ EUR 10.000 per POWER5 core).

Author Comment

ID: 33445510
Hi georgekl,

I was taking a look at IBM Tivoli but it's too expensive, I think, knowing the situation in our enterprise. Have you tested any open-source solution in an AIX production environment? We have MS Active Directory but I'm not sure if the Windows admins are willing to make changes in the schema to serve all AIX servers. So, I'd like to look for something on unix/linux and if possible free :-). I've worked with fedora DS, but not sure if it's ready for AIX servers.

Author Comment

ID: 33446004

wmp, any experience on using openldap or FDS?

LVL 13

Accepted Solution

George K. earned 250 total points
ID: 33448480
I have experienced FDS working great, although I have not personally set it up; we had no problems since it was up and working.
LVL 68

Assisted Solution

woolmilkporc earned 250 total points
ID: 33448520
I think this Redbook "Integrating AIX into Heterogeneous LDAP Environments"
could help you a lot -

Expert Comment

ID: 33448564
I'd prefer to go with OpenLDAP on SUSE for both primary and secondary LDAP servers, and then configure AIX servers as LDAP clients. If this environment is very big, you may consider configuring multiple secondary LDAP servers.

Author Comment

ID: 33462197
Hi georgekl,

Sorry for the delay. You said you have used FDS, but I ask you if you used it on an AIX environment? Do you have AIX authenticating with an FDS server without problems?
LVL 13

Expert Comment

by:George K.
ID: 33462381
