Poll of sorts - on LDAP

1) Do you use LDAP on AIX? (as a client)

2) If yes, what LDAP server technology do you use:

a) IDS (or ITDS) - IBM Tivoli Directory Server
b) AD
c) openLDAP
d) other - please list.

I ask, because I am looking at openLDAP as well as IDS and am wondering if there is a clear preference I should be following.

Thanks (in advance) for your replies!

I used to engineer and implement it for AIX in my former company.
The server side was a Novell eDirectory; it worked well from a view of the client. I could imagine that other types of LDAP server work as well. Where I work currently there is an MS Active Directory supplying the LDAP data and it works well too.

I have implemented and configured openLDAP with AIX, but have never used IDS. I personally like openLDAP.

I've used IDS in the past but found it rather cumbersome and massively over the top for what I needed. End customer found maintaining it rather a chore as well, and are looking for a simpler option.

Other customers have used AD but the required schema change puts many AD administrators off.

Cheers
Ross

Thanks for your replies. Finally not in a plane, visiting customers, etc.

IDS seems daunting - but it does have the schema for supporting all AIX user attributes. Most customers I see using LDAP and not IDS only support/use the RFC2307 (basically /etc/passwd and /etc/group entries) and rely on the files in /etc/security - in particular /etc/security/user - but never think to update them.

Also, no RBAC/TE support, by default, in non-IDS.

I doubt I will experiment with AD (what I hear is if you add the AIX schema AD is out of support) as customers do not like to "go out of support". So, when they use AD as server for AIX they use the AD equivalent of RFC2307.

I expect openLDAP to support RFC2307 - out of the box. I have been reading their documentation and am hopeful that the AIX schema can be added in without too much difficulty - since they now have a tool for configuring slapd - keeping the config info in private ldif files, similar to how IDS does its configuration.

Just remember, in discussions, IDS does not really need to be administered/updated in the LDAP internals if it is only being used for AIX - IDS/ITDS is already configured for AIX support. AND - when used for AIX only - there is no additional charge. FYI...

@Lerphil - are you using openLDAP with rfc2307AIX schema, or rfc2307 only?