Tip of the Trade: Fedora Directory Server
Whatever your primary computing platform, chances are sooner or later you will need to support some form of LDAP. To make your life a bit easier, give Fedora Directory Server (FDS) a look. Putting static data in a LDAP back end is a great way to save on labor and minimize hassles. FDS is exceptionally robust and manageable. It boasts of these features:
- Multi-master replication
- Friendly user community
- Reliable hot-backups and restores
- HTTP-based management console
- Complete CLI administration
- Integration utility for Active Directory users and groups
- Secure authentication and transport via Mozilla NSS
- Most changes don't need a server restart
FDS scales nicely from tiny test systems to huge enterprise systems. Multi-master replication is designed for very large deployments. Up to four master servers synchronize with each other for fault-tolerance and speed. If you don't trust multi-master replication, FDS supports the standard primary/secondary architecture.
FDS uses the NSS (Network Security Services) cryptography back end. This replaces OpenSSL and GnuTLS, which FDS does not support. NSS provides a mechanism for central encryption certificate management, which is very useful, as everything from Web servers to mail clients and remote administration programs to word processors support certificates these days.
Combine FDS with Samba or pGina, and you have robust, centralized cross-platform single-sign-on authentication. That's right, Linux, Mac OS X, Windows, and any other Unix all living together in harmony. Visit Fedora.redhat.com for downloads and literally hundreds of pages of documentation, plus a great Wiki.