top of page
  • Matthew Hardin

The Not-So-Bright Future of Directory Services in Red Hat Enterprise Linux

389-ds and Red Hat Directory Server are being touted as Red Hat’s LDAP server solutions on future versions of their OS, but the fine print has some surprises.

In March, 2018, we learned Red Hat plans to phase out support for the OpenLDAP directory server and remove it from upcoming Red Hat Enterprise Linux (RHEL) distributions. You can read our published response here.

What if you want to keep using a Free and Open Source LDAP server solution? Red Hat proposed that affected organizations migrate their LDAP environments to 389-ds, a free “junior” version of the Red Hat Directory Server (RHDS).

But the fine print isn’t reassuring.

“The 389-ds packages provide the core directory services components for Identity Management (IdM) in Red Hat Enterprise Linux and the Red Hat Directory Server (RHDS). The package is not supported as a stand-alone solution to provide LDAP services.” View Source

So Red Hat will not support 389-ds if you use it with anything but their IdM software. This leaves the following choices for a supported stand-alone LDAP directory solution:

  1. Use 389-ds without support

  2. Embrace Red Hat’s IdM solution starting at $41,000 per instance and live with its restrictions

  3. License the Red Hat Directory Server at $7,000 per server (RHDS is not open source)

At Symas, You Have a Choice

Symas will support your existing OpenLDAP servers for just $1,000 a server per year - whether you use Red Hat’s packages or ours.

Test servers? $1,000 more covers them all. 24x7x365 critical issue support costs just 50% more.

When you need updates we’ll be standing by with our free RPMs. Our engineers wrote most of the code for OpenLDAP and we’ve been supporting it for years, so rest assured we’re qualified to support you - and we will. Even when Red Hat won’t.

389 views0 comments

Recent Posts

See All

OpenLDAP Containers and a Helm Chart

Symas announces commercial support for an OpenLDAP container and associated Helm Chart, simplifying deployment of OpenLDAP within Kubernetes or anywhere Docker is available. The containers and chart,

About the LDAP Load Gen Project

LDAP Load Generator is a tool we use at Symas to drive load tests for OpenLDAP releases. What Can It Do? Add, Modify, Delete, Read, Search, Bind and Compare operations with LDAP User and Group entries

Better Management for Directory (LDAP) Traffic

Many LDAP Directories have several servers handling requests from many clients. The load on each server varies. Redirecting traffic when a server goes away can be a challenge. There are companies offe


bottom of page