Monday, 19 March 2018

Active Directory Services


What is Active Directory?
Active Directory (AD) is a directory service that Microsoft developed for Windows
domain networks. It is included in most Windows Server operating systems as a 
set of processes and services.
A server running Active Directory Domain Services (AD DS) is called a domain 
controller. It authenticates and authorizes all users and computers in a Windows 
domain-type network, assigning and enforcing security policies for all computers 
and installing or updating software. For example, when a user logs into a computer
that is part of a Windows domain, Active Directory checks the submitted password 
and determines whether the user is a system administrator or a normal user.
It also allows management and storage of information, provides authentication and 
authorization mechanisms, and establishes a framework to deploy other related 
services: Certificate Services, Federated Services, Lightweight Directory Services 
and Rights Management Services.

What is LDAP?
The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, 
industry standard application protocol for accessing and maintaining distributed 
directory information services over an Internet Protocol (IP) network. Directory 
services play an important role in developing intranet and Internet applications by
allowing the sharing of information about users, systems, networks, services, and 
applications throughout the network. As examples, directory services may provide
any organized set of records, often with a hierarchical structure, such as a corporate 
email directory.
A common use of LDAP is to provide a central place to store usernames and passwords. 
This allows many different applications and services to connect to the LDAP server to 
validate users.
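
As an added example (not code from the original post), here are the checks an application should make before it asks an LDAP server to validate a user: escape the username per RFC 4515 so it cannot alter the search filter, and refuse an empty password so the request is not treated as an unauthenticated bind. The base DN, the uid attribute and the person object class are assumptions about the directory layout.

```python
# Added example: pre-bind checks for an application that validates users
# against an LDAP server. BASE_DN, "uid" and "person" are assumed values.

BASE_DN = "ou=people,dc=example,dc=com"  # assumed directory layout

# RFC 4515 section 3: these characters must be written as \XX in a filter value.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value):
    """Escape one assertion value so it cannot change the filter structure."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(username):
    """Search filter that matches exactly one user entry by uid."""
    return "(&(objectClass=person)(uid={}))".format(escape_filter_value(username))


def prepare_login(username, password):
    """Return (base_dn, search_filter) for search-then-bind, or raise ValueError."""
    if not username or not username.strip():
        raise ValueError("empty username")
    if not password:
        # RFC 4513 section 5.1.2: a simple bind with a DN and a zero-length
        # password is an unauthenticated bind; some servers answer it with
        # success, which a naive application reads as a valid login.
        raise ValueError("empty password")
    return BASE_DN, build_user_filter(username.strip())


if __name__ == "__main__":
    # Constructed sample inputs: a normal login, a wildcard/injection
    # attempt in the username, and an empty password.
    for user, pw in [("alice", "s3cret"), ("*)(uid=*", "x"), ("alice", "")]:
        try:
            print(user, "->", prepare_login(user, pw))
        except ValueError as err:
            print(user, "-> rejected:", err)
```

The application then searches with the returned filter, requires exactly one matching entry, and binds as that entry's DN with the supplied password over a TLS-protected connection.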

Available Active Directory servers 
1. Microsoft Active Directory - by Windows:
Active Directory is Microsoft's trademarked directory service, an integral part 
of the Windows 2000 architecture. Active Directory is a centralized and 
standardized system that automates network management of user data, security,
and distributed resources, and enables interoperation with other directories. 
Active Directory is designed especially for distributed networking environments.

2. OpenLDAP - community developed (OpenLDAP Foundation)
OpenLDAP is a free, open source implementation of the Lightweight Directory 
Access Protocol (LDAP) developed by the OpenLDAP Project. It is released 
under its own BSD-style license called the OpenLDAP Public License.
LDAP is a platform-independent protocol. Several common Linux distributions 
include OpenLDAP Software for LDAP support. The software also runs on 
BSD-variants, as well as AIX, Android, HP-UX, macOS, Solaris, Microsoft 
Windows (NT and derivatives, e.g. 2000, XP, Vista, Windows 7, etc.), and z/OS.

3. FreeIPA - an upstream open-source project for Red Hat Identity Manager
FreeIPA is an identity management system. It aims to provide easily managed 
Identity, Policy, and Audit (IPA). Its features are: an integrated security 
information management solution combining Linux (Fedora), 389 Directory Server, 
MIT Kerberos, NTP, DNS, Dogtag certificate system, SSSD and others; a design 
built on top of well-known open source components and standard protocols; a 
strong focus on ease of management and automation of installation and 
configuration tasks; full multi-master replication for higher redundancy and 
scalability; and extensible management interfaces (CLI, Web UI, XMLRPC and 
JSONRPC API) and a Python SDK.

4. ApacheDS - by Apache
ApacheDS™ is an extensible and embeddable directory server entirely written
in Java, which has been certified LDAPv3 compatible by the Open Group. 
Besides LDAP it supports Kerberos 5 and the Change Password Protocol. 
It has been designed to introduce triggers, stored procedures, queues and 
views to the world of LDAP which has lacked these rich constructs.

5. OpenDJ - by Oracle, ForgeRock
OpenDJ is a directory server which implements a wide range of Lightweight 
Directory Access Protocol and related standards, including full compliance with
LDAPv3 but also support for Directory Service Markup Language (DSMLv2).  
Written in Java, OpenDJ offers multi-master replication, access control, and 
many extensions.

6. 389 Directory - by Red Hat
389 Directory Server is an enterprise-class open source LDAP server for Linux. 
It is hardened by real-world use, is full-featured, supports multi-master 
replication, and already handles many of the largest LDAP deployments in the world. 
The 389 Directory Server can be downloaded for free, and set up in less 
than an hour.

Open Source LDAP Directory Servers 
1. OpenLDAP based on LDAP
2. FreeIPA based on 389 Directory Server, MIT Kerberos, NTP, DNS, Dogtag, LDAPv3
3. ApacheDS based on LDAP and Kerberos
4. OpenDJ based on LDAPv3
5. 389 Directory based on LDAP

Licensed Open Source LDAP Directory Server 
1. OpenLDAP - under the OpenLDAP Public License
2. ApacheDS - under the Apache License
3. OpenDJ - under the CDDL (Common Development and Distribution License)
4. FreeIPA - under the GNU General Public License v3
5. 389 Directory Server - GPL License
