In search of an Open Source directory server


I have been looking for a directory server mainly to centralize my user management. The lazy me is getting tired of creating user accounts for each service that I run at home. This post is NOT a review post, but a summary of what I found while I was looking for a directory management server.

My current requirements are:

  • Has to be a distro for easy maintenance
  • Has to have RADIUS
  • Has to have OpenLDAP
  • Under active development
  • Supports master and slave setup
  • Not resource hungry
  • Portal or an option for the users to change their account passwords

The distros that I have found that can be my potential directory servers are the following:

  1. FreeIPA
  2. ClearOS
  3. Zentyal
  4. Nethserver
  5. Univention Corporate Server (UCS)

I have been testing the directory servers mentioned above on and off for the past weeks. Though my testing was not extensive, it was enough to say whether each distro did or did not match my requirements.

Each VM that I used had the following spec:

  • 2x vCPU
  • 2GB of RAM
  • ~50GB vDisk

FreeIPA

FreeIPA is not a distro. FreeIPA is the free version of Red Hat’s Identity Management Server (IdM). FreeIPA is what we use at work, so I thought this was what I wanted for my home. I installed it on a CentOS 7 VM, and the installation was fairly easy; there are plenty of guides out there in the wild.

FreeIPA ticked most of my requirements, except the distro and RADIUS requirements. There was a guide for FreeRADIUS, so I was OK with it not having FreeRADIUS out of the box. Since there were plenty of installation guides, I was OK with that as well.

The problem that I encountered (I am not a sysadmin, so I was probably doing something wrong) was that I could not get the web UI to work. I was getting SEC_ERROR_REUSED_ISSUER_AND_SERIAL.

Whatever browser I used, it was the same error message. Funnily enough, the Chrome browser app on my phone was the only one to work. I had deleted the certs, cleared the browser history, cleared the cookies, restarted my laptops, spun up a new VM, etc. Nothing worked but my phone. So, instead of wasting time trying to fix the issue, I axed FreeIPA and moved to the next distro.

ClearOS Community Edition

ClearOS is owned by HPE. As far as I know, the distro is based on CentOS. I found this distro to be somewhat easy to use. ClearOS can be used as a firewall or a server. I picked the server for my use case. When I was testing this distro, I was able to integrate Nextcloud and Emby using the built-in manager account.

ClearOS has a Marketplace, so services like RADIUS, OpenLDAP, etc. are easy to download and install. ClearOS met all my requirements, but master/slave can only be done in the Business or Pro version. Also, I have to keep using the built-in Manager account for all my services. I am not sure if that is a good thing; I usually create a new service account for each purpose or function.

Zentyal Development Edition

Zentyal is advertised as a Microsoft Active Directory replacement. Zentyal is based on Ubuntu Linux. Just like ClearOS, Zentyal was easy to use. The distro can be used as a firewall or a server. Again, I picked the server because of my use case.

The issue that I had with Zentyal was that there is no portal or option for the users to change their passwords. At this point in time, I do not have any plans of joining all my users to the domain. My environment is more like BYOD, so having a portal for password change is important. Also, similar to ClearOS, I have to use the built-in admin account as a service account to integrate Nextcloud and Emby. It is not really my cup of tea.

Nethserver

Nethserver is based on CentOS 7. Similar to ClearOS, Nethserver has a Software center where you can download and install apps. I didn’t like Nethserver’s layout. There is too much going on in the left pane menu.

During my testing, I noticed that it didn’t have FreeRADIUS in the Software center and there is no option for master/slave. However, there is HotSync, which is supposed to be the master/slave. HotSync is still in beta at the time of this writing. Nethserver was a quick one, so I moved on to UCS Core Edition.

UCS Core Edition

Univention is based on Debian, which I really preferred because most of my servers are Debian based. UCS has a really nice web UI that is very clean and easy to navigate. UCS also has an App Center to download the necessary apps/services.

UCS ticked all my requirements – master/slave, user password reset portal, FreeRADIUS, and updating is a click away. I think I am going to keep evaluating UCS for now, but it seems like it is the server that I am looking for.

Cheers!
