What is the support status of the LDAP servers shipped with Red Hat Enterprise Linux?
Environment
- Red Hat Enterprise Linux (RHEL) 5, 6, 7, 8 & 9
- Red Hat Directory Server (RHDS)
- Identity Management (IdM)
- OpenLDAP (openldap)
- 389-ds (389-ds-base)
Issue
- I want to run an LDAP-compliant server on Red Hat Enterprise Linux (RHEL). I see there are different LDAP servers available. Which one should I choose to have a fully supported setup?
- The 389-ds-base package is shipped with the base channel of RHEL. Is it supported to install 389-ds-base, configure it, and use it as an LDAP server?
Resolution
Red Hat provides different LDAP-compliant server options:
389-ds
The 389-ds packages provide the core directory services components for Identity Management (IdM) in Red Hat Enterprise Linux and the Red Hat Directory Server (RHDS). The package is not supported as a stand-alone solution to provide LDAP services.
More information can be found here:
The supported usage of 389-ds and 389-ds-base packages in Identity Management in RHEL and RH Directory Server
OpenLDAP
The OpenLDAP server package is part of Red Hat Enterprise Linux. The development of the product mostly happens in the upstream community and is not driven by Red Hat. We support the OpenLDAP server as follows:
- If a bug or RFE is reported by a customer, we will submit the report upstream and rely on the OpenLDAP community to work on a fix.
- We try to identify a workaround for the reported problem when applicable.
- We will fix CVEs that have been reported in the OpenLDAP packages.
Important: Starting with Red Hat Enterprise Linux 7.4, the openldap-servers package has been deprecated and will not be included in a future major release of Red Hat Enterprise Linux. There is a variety of open source tools and solutions that provide directory services. With the rise in adoption of the Identity Management in Red Hat Enterprise Linux (IdM) solution and the decline in use of the OpenLDAP server for enterprise use cases, Red Hat made a decision to focus on the technologies in which it has historically had deep understanding and expertise and in which it has been investing for more than a decade. Focusing on the Red Hat Directory Server and IdM offerings would allow Red Hat to better serve the customers of those solutions and increase the value of the subscription. The OpenLDAP server will be supported until the end of life of the RHEL 7 release, following the Red Hat Enterprise Linux Life Cycle.
Red Hat Directory Server
The Red Hat Directory Server (RHDS) is a fully supported LDAP-compliant server for Red Hat Enterprise Linux that centralizes user identity and application information. It provides an operating system-independent, network-based registry for storing application settings, user profiles, group data, policies, and access control information.
For more information about RHDS, please visit the following page:
Red Hat Directory Server Overview
There are two main use cases when an LDAP server might be needed. The first is to provide authentication and account management within an enterprise. For this use case, instead of a vanilla LDAP server, we recommend the Identity Management (IdM) in Red Hat Enterprise Linux solution, which has many features and capabilities focused on providing domain controller services to Linux and UNIX clients. The second use case is to build an account store for a business application. That requires an enterprise-grade LDAP solution, and we recommend Red Hat Directory Server here.
If you need more information about the various products or if you are interested in possible migration paths from OpenLDAP to either Identity Management or Red Hat Directory Server, please open a support ticket with Red Hat's Global Support Services.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.