Fedora Directory Server (Open Source LDAP)

From Fedora Directory Server

The enterprise-class Open Source LDAP server for Linux. It is hardened by real-world use, is full-featured, supports multi-master replication, and already handles many of the largest LDAP deployments in the world. The Fedora Directory Server can be downloaded for free and set up in less than an hour using the graphical console.

Download | FAQ | Documentation | Architecture | Mailing Lists

Key Features

Multi-Master Replication, to provide fault tolerance and high write performance
Scalability: thousands of operations per second, tens of thousands of concurrent users, tens of millions of entries, hundreds of gigabytes of data
The codebase has been developed and deployed continuously by the same team for more than a decade
Extensive documentation, including helpful Installation and Deployment guides
Active Directory user and group synchronization
Secure authentication and transport (SSLv3, TLSv1, and SASL)
Support for LDAPv3
On-line, zero downtime, LDAP-based update of schema, configuration, management and in-tree Access Control Information (ACIs)
Graphical console for all facets of user, group, and server management

For more see our Features page

Community

To get in touch with us, you can try to reach us on IRC at #fedora-ds on irc.freenode.net or on one of our mailing lists.

New to the Project?

If you're new to the project you should start with our getting started page. It contains links to builds, source code and documentation. Our mission page also contains some good information about our mission and goals.

Recent News

Fedora Directory Server 1.1.1 is now available (June 10, 2008)

We are pleased to announce the availability of Fedora Directory Server 1.1.1. This is release is mostly to fix some bugs and add some functionality for freeIPA.

See the Release Notes for more information

Red Hat Directory Server wins Codie award (May 21, 2008)

Red Hat Directory Server is the branded version of Fedora Directory Server distributed and supported by Red Hat. The Codie awards are given by the Software & Information Industry Association (SIIA). Red Hat Directory Server won the Identity Management award. http://www.siia.net/codies/2008/winners.asp

Source for DSML Gateway now available (May 1, 2008)

DSML_Gateway is a Java Axis web service that exposes LDAP data to web services that understand DSMLv2. We do not have a binary distribution at this time, but the source code is now available.

Web apps are now available for version 1.1 (April 24, 2008)

The web applications have been moved into a separate package called fedora-ds-dsgw. This package contains the Phonebook, Org Chart, and DS Gateway applications. This package is now available as an add-on for the fedora-ds-admin package. The shell script /usr/sbin/setup-ds-dsgw is provided to configure the applications and enable them to be used from the Admin Server home page (as in 1.0 and earlier versions). See the DSGW_Install_Guide for more information.

Security vulnerability in fedora-ds-admin (April 22, 2008)

The fedora-ds-admin-1.1.0 package has a couple of security vulnerabilities:

CVE-2008-0892 Directory Server: shell command injection in CGI replication monitor - https://bugzilla.redhat.com/show_bug.cgi?id=437301
CVE-2008-0893 Directory Server: unrestricted access to CGI scripts - https://bugzilla.redhat.com/show_bug.cgi?id=437320

The new package is fedora-ds-admin-1.1.4-1 This package is available from the Fedora yum repository for F-7 and later, or from the dirsrv yum repo on Fedora 6 and EL5. See Install_Guide for information about how to use these yum repositories for your platform.

There are also updates to the adminutil (new version 1.1.6) and to some of the other packages. These updates are recommended.

NOTE: the vulnerabilities affect all versions of Fedora DS, including 1.0.4. We currently have no plans to do another binary RPM release. Please see the bug reports to find out how to patch earlier releases.

NOTE for Fedora 8 and later users: all of the packages are now in the standard Fedora repos. Please remove your /etc/yum.repos.d/idmcommon.repo and /etc/yum.repos.d/dirsrv.repo files before you install or upgrade. See Install_Guide for more information.

NOTE for Fedora 6, 7 and EL5 users: You may get an error about a missing dependency fedora-admin-console when upgrading. If you get this error, remove the old fedora-ds package (yum erase fedora-ds) and upgrade again.

Security vulnerability in fedora-idm-console (March 19, 2008)

The fedora-idm-console-1.1.0 package has a security vulnerability - details are here: https://bugzilla.redhat.com/show_bug.cgi?id=436101

A new version of the package is now available - fedora-idm-console-1.1.1-1 - to fix the problem. Download contains instructions about how to set up your yum repositories to get this update, then do

yum upgrade fedora-idm-console

Fedora Directory Server 1.1.0 is now available (January 8, 2008)

We are pleased to announce the availability of Fedora Directory Server 1.1.0.

See the Release Notes for more information

Windows Console for Fedora DS 1.1 is now available (December 14, 2007)

The Windows Console is packaged in the usual Windows Installer MSI format. This will allow you to manage your Fedora Directory Server installation from your Windows Desktop. See Release_Notes for more information.

Fedora DS 1.1 Beta is now available (November 26, 2007)

We are pleased to announce the availability of the Fedora DS 1.1 beta, complete with Admin Server and Console. Migration from Fedora DS 1.0 and earlier is supported by scripts provided with the package. See Release_Notes for more information.

Fedora DS 1.1 is new feature code complete (October 9, 2007)

The code has been completed for the new features in Fedora DS 1.1. Our focus now is on whittling down the bug list, testing, and updating the documentation. We're also planning how to build and release the admin server and console pieces through our own yum repository.

Notice: File/Path Naming Has Changed (September 18, 2007)

If you are using the fedora-ds-base (version 1.1.0-0.3 or earlier) included in the Fedora distro, please be aware that the file/path naming has been changed in later packages (1.1.0-1.0 and later).

If you upgrade from 1.1.0-0.3 to 1.1.0-1.0 or later, you will break all of the scripts and configuration files, because they will all still refer to the old paths.

Files/paths in older versions that had fedora-ds in the name now use dirsrv. For example:

The init script/service is now called dirsrv not fedora-ds

service dirsrv start

instead of

service fedora-ds start

The configuration directory is now /etc/dirsrv instead of /etc/fedora-ds
The scripts such as db2ldif, ldif2db, etc. are in $libdir/dirsrv/slapd-instance instead of $libdir/fedora-ds/slapd-instance.
The sub directories under /var - /var/log/dirsrv, /var/lib/dirsrv, etc.

We are working on this issue and will provide migration instructions/scripts.

Work is proceeding on Fedora DS 1.1 (September 17, 2007)

Fedora DS 1.1 will have the following:

Discrete packaging - several small packages instead of one monolithic package that contains redundant components - Discrete_Packaging
Filesystem Hierarchy Standard file and path layout - everything will be where you expect it to be - FHS_Packaging
Migration support - easy upgrade/migration from 1.0 and earlier releases - DS Admin Migration and Migration From 10
Easier, more flexible set up - FDS Setup and New_Setup_Design

Fedora DS now supports LDAPI (LDAP over unix domain sockets) (February 26, 2007)

The cvs head now contains code for LDAPI support allowing secure local connections to the server without TCP overhead.

Fedora DS core is now in Fedora Extras (Febrary 14, 2007)

You can now install the core Fedora DS from Fedora Extras on FC-5, FC-6, and devel (FC-7). The core Fedora DS does not contain the console or admin server pieces - these are still in development, and planned for inclusion in Fedora Extras when ready. See FDS_Into_FedoraCore for the status of the effort to get Fedora DS into Fedora Extras.

Fedora DS gets posix/unix automatic uid generation (February 08, 2007)

The cvs head now contains a new feature for automatic generation of sequenced numbers which is compatible with multi-master replication environments. This feature can be used for automatic generation of posix uidNumber and gidNumber in addition to other sequenced numeric attributes required by your deployment.

Nice review at linux.com (December 08, 2006)

Now Fedora Directory Server (FDS), Red Hat's open source LDAP server, makes setting up an enterprise directory server on Linux simple. http://enterprise.linux.com/enterprise/06/11/28/2019258.shtml?tid=129&tid=100

Fedora DS binaries for Fedora Core 4 and 6 x86_64; New Windows Password Sync (December 05, 2006)

The Download page now has Fedora DS 1.0.4 RPMs for Fedora Core 6 and 4 x86_64.
The Download page also has a new PassSync.msi for Windows AD password sync

Fedora Directory Server 1.0.4 is released (November 9, 2006)

We are pleased to announce the release of Fedora Directory Server 1.0.4! This version addresses some serious issues with the setup program during upgrade install. Please refer to the Release_Notes for more information and to the Download page for downloads.

Fedora Directory Server 1.0.3 is released (October 31, 2006)

We are pleased to announce the release of Fedora Directory Server 1.0.3! This version, while primarily a bug fix release, now supports new password generation when using the password extended operation (ldappasswd). Please refer to the Release_Notes for more information and to the Download page for downloads.

We've reached 100,000 downloads (October 01, 2006)

There have now been in excess of 100,000 downloads of the Directory Server. Many thanks to the users and supporters of our product.

Enomalism uses Fedora DS for user and domain storage (07/17/2006)

The Enomalism Virtualized Management Console (VMC) is a powerful web-based systems administrator management tool for XEN hypervisor that enables the management of multiple isolated Virtual Private Servers (VPS) to be managed from a central web based interface. Fedora Directory Server provides the LDAP functionality required to manage users, and store domain information. See http://enomalism.com/Wiki.wiki+M5902e6c2d07.0.html for more information.

VMWare Appliance for Fedora DS 1.0.2 (June 23, 2006)

Thomas Lackey has contributed a VMWare virtual machine appliance featuring Fedora (LDAP) Directory Server 1.02 on Fedora Core 5 at http://www.vmware.com/vmtn/appliances/directory/320

Binary RPMs for Fedora Core 5 32bit and 64bit

We now have binary RPMs for Fedora Core 5 for 32 bit and 64 bit versions, available on the Download page.

Fedora Directory Server 1.0.2 is released (March 02, 2006)

We are pleased to announce the release of Fedora Directory Server 1.0.2! This version has enhanced support for password syntax checking (minimum number of digits, minimum number of letters, and more), x86_64 support, preliminary support for Fedora Core 5, and many bug fixes. Please refer to the Release_Notes for more information and to the Download page for downloads.

Review of Fedora Directory Server in Redmond Mag

A review of Fedora Directory Server by WinLinAnswers.com appears in Redmond Magazine. This is a generally favorable review, and will be especially interesting for Active Directory administrators or those with a Windows background.

Fedora Directory Server 1.0.1 is released (December 8, 2005)

We are pleased to announce the release of Fedora Directory Server 1.0.1! This version fixes a couple of serious bugs in the 1.0 product. If you are running 1.0, you are strongly encouraged to upgrade to 1.0.1 as soon as possible.

December 1, 2005

We are pleased to announce the release of Fedora Directory Server 1.0! This version fulfills the promise to open all of the directory server source code that we made almost 1 year ago - December 8, 2004 - the date at which Red Hat acquired the code.

Screenshots have been added.

September 20, 2005

Introducing mod_nss, an SSL module for Apache 2.0.x. It provides similar capabilities to mod_ssl but uses the NSS security library from mozilla.org.

September 19, 2005

A favorable review of Red Hat Directory Server and Fedora Directory Server by eWeek - http://www.eweek.com/article2/0,1895,1860497,00.asp

September 13, 2005

Two more components have been released open source - AdminUtil and SetupUtil.

AdminUtil is used for
- CGIs and other programs to communicate and interact with the Admin Server
- An API to store application preferences in the Directory Server.
SetupUtil is used for
- An alternative to native packaging (RPM, pkg, etc.)
- Interactive (and silent) pre- and post- installation server configuration and set up

September 1, 2005

A favorable review of Red Hat Directory Server (which is the same as Fedora Directory Server right now) in Unix Review - http://www.unixreview.com/documents/s=9846/ur0508f/

Work is proceeding on the remaining open source items. Setuputil and Admin Server are almost ready. Once those are done, we should have a completely open source stack.

August 16, 2005

A favorable review of Fedora Directory Server in InfoWorld - http://www.infoworld.com/article/05/08/08/32FEossldap_1.html?s=feature

July 15, 2005

The Fedora Management Console and the Fedora Directory Server Console are now open-sourced! For details on checking out and building the code, see the building console page.

June 15, 2005

MD5 password hashing support has been added to Fedora Directory Server. This makes it possible to import LDIF data from other servers that store passwords using the MD5 algorithm. A new script that assists in migrating your OpenLDAP schema to Fedora Directory Server has been contributed as well. Details are available here.

June 1, 2005

The Fedora Directory Server is released to the world!

Retrieved from "http://directory.fedoraproject.org/wiki/Main_Page"