top of page
  • Matthew Hardin

The Not-So-Bright Future of Directory Services in Red Hat Enterprise Linux

389-ds and Red Hat Directory Server are being touted as Red Hat’s LDAP server solutions on future versions of their OS, but the fine print has some surprises.

In March, 2018, we learned Red Hat plans to phase out support for the OpenLDAP directory server and remove it from upcoming Red Hat Enterprise Linux (RHEL) distributions. You can read our published response here.

What if you want to keep using a Free and Open Source LDAP server solution? Red Hat proposed that affected organizations migrate their LDAP environments to 389-ds, a free “junior” version of the Red Hat Directory Server (RHDS).

But the fine print isn’t reassuring.

“The 389-ds packages provide the core directory services components for Identity Management (IdM) in Red Hat Enterprise Linux and the Red Hat Directory Server (RHDS). The package is not supported as a stand-alone solution to provide LDAP services.” View Source

So Red Hat will not support 389-ds if you use it with anything but their IdM software. This leaves the following choices for a supported stand-alone LDAP directory solution:

  1. Use 389-ds without support

  2. Embrace Red Hat’s IdM solution starting at $41,000 per instance and live with its restrictions

  3. License the Red Hat Directory Server at $7,000 per server (RHDS is not open source)

At Symas, You Have a Choice

Symas will support your existing OpenLDAP servers for just $1,000 a server per year - whether you use Red Hat’s packages or ours.

Test servers? $1,000 more covers them all. 24x7x365 critical issue support costs just 50% more.

When you need updates we’ll be standing by with our free RPMs. Our engineers wrote most of the code for OpenLDAP and we’ve been supporting it for years, so rest assured we’re qualified to support you - and we will. Even when Red Hat won’t.

References What is the support status of the LDAP-server shipped with Red Hat Enterprise Linux? March 22, 2018 What are the differences with the packages 389-ds from Red Hat Enterprise Linux versus redhat-ds from Red Hat Directory Server? October 3rd, 2018 (paywalled)

229 views0 comments

Recent Posts

See All

LDAP Load Generator is a tool we use at Symas to drive load tests for OpenLDAP releases. What Can It Do? Add, Modify, Delete, Read, Search, Bind and Compare operations with LDAP User and Group entries

Many LDAP Directories have several servers handling requests from many clients. The load on each server varies. Redirecting traffic when a server goes away can be a challenge. There are companies offe

Just back from Gartner’s IAM Summit in Vegas where I learned about industry trends surrounding Identity and Access Management, its problems and solutions. One thing I picked up on, we’re all good wit

bottom of page