Hi LQ Members,

Rather than this being a request for help (That will come later I am sure) I am looking for some advice for a private project I am interested in tinkering with. While at Uni I had an idea of creating a pure Open source network domain, in my spare time. I never had any spare to try and complete it, however now I have plenty of spare time and have decided to try it.

I decided I would start by creating a domain controller and work out from there adding services and devices as and when I was able (I am planning on doing this in a virtual environment) I am struggling to get started as there appears to be very few alternatives to MS's Active directory (Could be wrong only newish to the open source way) the only alternative I am able to find is Open LDAP which seems to be (from what I can see) a far cry from being usuable and not so easy to configure. As just about every source I can find mentions Kerebos and Samba to be configured in conjunction with Open LDAP to get it to work.

If anyone knows of any alternatives, or can point me to a good guide for setting up Open LDAP I will greatly appreciate it.

Nothing to do with Networking. Moved to Server.

OpenLDAP is not usable? How do you work that out? it's been stable and very very heavily used for many years. I think that your problem is likely to be that you are trying to frame it as an domain controller, which it is absolutely not, and in no way ever intended to be. Minecraft and ripe French Camembert are also excellent in their own fields, but I wouldn't recommend those for AD replacements either

Active Directory is a hotch potch of all sorts of unrelated and tenuously related services. An LDAP server can provide *SOME* of these - user information storage, user password storage, user verification, group memberships, but it has nothing to do with domain membership, group policy etc.

SaMBa would be the service which provides domain membership, and the latest versions of SaMBa contain a built in LDAP service, so you would not need to use OpenLDAP with it. You would, as you observe, use kerberos with it though, as that's a system that provides user authentication through KRB5 tickets, another thing that is bundled into the vague concept of an AD DC. These are separate products as they really just have nothing in common. they need to be aware of each other and interact in some ways, but not to the extent where they are part of the same thing.

Everything acid_kewpie said is good info

If you'd actually like to seem some HOWTOs for LDAP on Centos6 http://www.server-world.info/en/note?os=CentOS_6&p=ldap
A different take http://www.linuxhomenetworking.com/w...DAP_and_RADIUS
and another http://www.linuxtopia.org/online_boo...ion/index.html