Hi!
As stated some time ago the SUSE Linux Enterprise Server 15 (SLES15) switched from OpenLDAP to 389 Directory Server. Trying the latter, I see that it still works with BDB (4.8), and setup is easy. It also seems to have modern features like these:
\n+Entry cn=SSHA256,cn=Password Storage Schemes,cn=plugins,cn=config is added \n+Entry cn=SSHA384,cn=Password Storage Schemes,cn=plugins,cn=config is added \n+Entry cn=SSHA512,cn=Password Storage Schemes,cn=plugins,cn=config is added \n+Entry cn=SHA256,cn=Password Storage Schemes,cn=plugins,cn=config is added \n+Entry cn=SHA384,cn=Password Storage Schemes,cn=plugins,cn=config is added \n+Entry cn=SHA512,cn=Password Storage Schemes,cn=plugins,cn=config is added \n+Entry cn=PBKDF2_SHA256,cn=Password Storage Schemes,cn=plugins,cn=config is added
However I wonder if it's possible to integrate a 389DS (ns-slapd, http://www.port389.org/) into an OpenLDAP multi-master configuration. Definitely one cannot sync the configuration section, because it's too different.
For example the ACL Syntax looks like this: (targetattr="carLicense || description || displayName || facsimileTelephoneNumber || homePhone || homePostalAddress || initials || jpegPhoto || labeledURI || mail || mobile || pager || photo || postOfficeBox || postalAddress || postalCode || preferredDeliveryMethod || preferredLanguage || registeredAddress || roomNumber || secretary || seeAlso || st || street || telephoneNumber || telexNumber || title || userCertificate || userPassword || userSMIMECertificate || x500UniqueIdentifier")(version 3.0; acl "Enable self write for common attributes"; allow (write) userdn="ldap:///self";)
Regards, Ulrich