LDAP server to centralize authentication on AIX

Hi again,

I'm planning to install an LDAP server to centralize all accounts of several AIX servers. I've worked before with OpenLDAP and Fedora Directory Server, but in a Linux environment. I'd like to hear opinions on what would be the best LDAP server to use in an AIX environment. I'd like to set up a redundant setup.

George K. Commented:
I have experienced FDS working great, although I have not personally set it up; we had no problems since it was up and working.
George K. Commented:
Open source LDAP servers include:

Red Hat Directory Server/Fedora Directory Server. Red Hat Directory Server was initially bought from Netscape Security Solutions as a commercial product for Red Hat Enterprise Linux. Nowadays it is produced by Red Hat under the name Red Hat Directory Server. Following its policy, Red Hat also produced a version for Fedora Core. It is called Fedora Directory Server and is perfect for distributions based on Red Hat. The code of these servers coincides greatly because of the common root. Unlike OpenLDAP, the Fedora/Red Hat directory servers have good documentation.

OpenLDAP. OpenLDAP is the further development of the original slapd. It is widely distributed and used on many platforms like Linux, FreeBSD, Windows and MacOS X. The documentation on the website is quite obsolete, but there are many useful step-by-step instructions. OpenLDAP is time-tested. Its functionality is practically identical to Red Hat Directory Server.

Commercial LDAP Servers

Novell eDirectory. All products are free for higher educational establishments. It works on the following operating systems: Novell Netware, Windows (NT), Linux (SUSE Enterprise, or RedHat), Solaris, AIX, HP-UX. You have everything in one product – all the necessary programs are given at once. Installation and customization are easy.
Advantages - exclusive documentation and affordable price, technical support for registered users and cross-platform function. Disadvantage – closed source files.

Microsoft Active Directory. It is a part of Windows Server family. It’s a perfect solution for MS networks. Advantages – perfect integration into the system, highly qualified documentation.

Sun Java System Directory Server. Sun merged with IPlanet Company and created its new product – Sun ONE, renamed afterwards to Sun Java System Directory Server. It is not a standalone product, but just a part of Java Enterprise System. System requirements: Solaris 10, Solaris 9, Solaris 8 (only for SPARC), Red Hat Enterprise Linux 2.1 and 3.1, HP-UX 11i, Microsoft Windows 2000, XP, 2003. You cannot buy it apart from Java Enterprise System. But if you decide to use a complex solution from Sun, you won’t have any problems. Sun engineers will help you to install and configure it according to your requirements.

IBM Tivoli Directory Server. LDAP solution from IBM. It is supported on the following operating systems: AIX, Solaris, Microsoft Windows 2000, HP-UX, and also Linux for Intel and IBM eServer iSeries, pSeries and zSeries. Advantage – qualified, open and free for all documentation.

Here is the link too: http://www.morphosppc.com/article/ldap-servers/
I would go with IBM solution having in mind the above, but also stability of the whole system.
Alas, I don't work with LDAP in our AIX environment, but
1) As far as I know, AIX machines can be clients of LDAP servers such as Fedora or OpenLDAP without a problem.
2) There is of course an IBM/Tivoli solution, the "IBM Tivoli Directory Server" - http://www-01.ibm.com/software/tivoli/products/directory-server/
It's not part of AIX, and thus payable, of course (and it's NOT really cheap, ~ EUR 10.000 per POWER5 core).
sminfo (Author) Commented:
Hi georgekl,

I was taking a look at IBM Tivoli, but I think it's too expensive, knowing the situation in our enterprise. Have you tested any open-source solution in an AIX production environment? We have MS Active Directory, but I'm not sure if the Windows admins are willing to make changes in the schema to serve all AIX servers. So, I'd like to look for something on Unix/Linux and if possible free :-). I've worked with Fedora DS, but I'm not sure if it's ready for AIX servers.
sminfo (Author) Commented:

wmp, any experience using OpenLDAP or FDS?
woolmilkporc Commented:
I think this Redbook "Integrating AIX into Heterogeneous LDAP Environments"
could help you a lot - http://www.redbooks.ibm.com/redbooks/pdfs/sg247165.pdf
I'd prefer to go with OpenLDAP on SUSE for both primary and secondary LDAP servers, and then configure AIX servers as LDAP clients. If this environment is very big, you may consider configuring multiple secondary LDAP servers.
sminfo (Author) Commented:
Hi georgekl,

Sorry for the delay. You said you have used FDS, but I ask you if you used it in an AIX environment? Do you have AIX authenticating with an FDS server without problems?
George K. Commented: