389 DS nowadays supports the syncrepl protocol, so in theory it
_might_ work but I have not tried it.
The real question is why would anyone want to use BDB in 2018 when MDB
has already been around for more than a few years?
On Tue, Aug 21, 2018 at 11:09 PM Ulrich Windl
<Ulrich.Windl(a)rz.uni-regensburg.de> wrote:
Hi!
As stated some time ago, the SUSE Linux Enterprise Server 15 (SLES15) switched from
OpenLDAP to 389 Directory Server.
Trying the latter, I see that it still works with BDB (4.8), and setup is easy. It also
seems to have modern features like these:
\n+Entry cn=SSHA256,cn=Password Storage Schemes,cn=plugins,cn=config is added
\n+Entry cn=SSHA384,cn=Password Storage Schemes,cn=plugins,cn=config is added
\n+Entry cn=SSHA512,cn=Password Storage Schemes,cn=plugins,cn=config is added
\n+Entry cn=SHA256,cn=Password Storage Schemes,cn=plugins,cn=config is added
\n+Entry cn=SHA384,cn=Password Storage Schemes,cn=plugins,cn=config is added
\n+Entry cn=SHA512,cn=Password Storage Schemes,cn=plugins,cn=config is added
\n+Entry cn=PBKDF2_SHA256,cn=Password Storage Schemes,cn=plugins,cn=config is added
However, I wonder if it's possible to integrate a 389DS (ns-slapd,
http://www.port389.org/) into an OpenLDAP multi-master configuration. Definitely one
cannot sync the configuration section, because it's too different.
For example, the ACL syntax looks like this:
(targetattr="carLicense || description || displayName || facsimileTelephoneNumber ||
homePhone || homePostalAddress || initials || jpegPhoto || labeledURI || mail || mobile ||
pager || photo || postOfficeBox || postalAddress || postalCode || preferredDeliveryMethod
|| preferredLanguage || registeredAddress || roomNumber || secretary || seeAlso || st ||
street || telephoneNumber || telexNumber || title || userCertificate || userPassword ||
userSMIMECertificate || x500UniqueIdentifier")(version 3.0; acl "Enable self
write for common attributes"; allow (write) userdn="ldap:///self";)
Regards,
Ulrich
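
Added example, not part of either message and not code from 389 DS or OpenLDAP: a small Python audit of the ACI quoted above, splitting it into its parts and listing which credential-bearing attributes the entry's owner may write. The regex covers only the ACI shape shown in the message, and the SENSITIVE set and function names are this example's own choices.

```python
import re

# ACI copied from the message above, with the mail's line wraps kept.
SAMPLE_ACI = '''(targetattr="carLicense || description || displayName || facsimileTelephoneNumber ||
homePhone || homePostalAddress || initials || jpegPhoto || labeledURI || mail || mobile ||
pager || photo || postOfficeBox || postalAddress || postalCode || preferredDeliveryMethod
|| preferredLanguage || registeredAddress || roomNumber || secretary || seeAlso || st ||
street || telephoneNumber || telexNumber || title || userCertificate || userPassword ||
userSMIMECertificate || x500UniqueIdentifier")(version 3.0; acl "Enable self
write for common attributes"; allow (write) userdn="ldap:///self";)'''

# Assumption: one targetattr clause, one permission, one bind rule, as in
# the message; this is not a full ACI grammar.
ACI_RE = re.compile(
    r'^\(targetattr\s*(?P<op>!?=)\s*"(?P<attrs>[^"]*)"\)\s*'
    r'\(version 3\.0;\s*acl\s+"(?P<name>[^"]*)";\s*'
    r'(?P<verb>allow|deny)\s*\((?P<rights>[^)]*)\)\s*'
    r'(?P<bind>.*?);\s*\)$'
)

# Attributes this example treats as credential-bearing (the example's choice).
SENSITIVE = {"userpassword", "usercertificate", "usersmimecertificate"}

def parse_aci(text):
    """Split an ACI of the shape above into its parts; raise if it does not match."""
    flat = " ".join(text.split())  # undo the line wrapping
    m = ACI_RE.match(flat)
    if m is None:
        raise ValueError("unsupported ACI shape")
    return {
        "negated": m["op"] == "!=",
        "attrs": [a.strip() for a in m["attrs"].split("||") if a.strip()],
        "name": m["name"],
        "verb": m["verb"],
        "rights": [r.strip() for r in m["rights"].split(",")],
        "bind": m["bind"].strip(),
    }

def self_writable_sensitive(aci):
    """Return the sensitive attributes an entry's owner may write under this ACI."""
    grants_self_write = (
        aci["verb"] == "allow" and not aci["negated"]
        and {"write", "all"} & set(aci["rights"])
        and "ldap:///self" in aci["bind"]
    )
    return [a for a in aci["attrs"] if a.lower() in SENSITIVE] if grants_self_write else []

if __name__ == "__main__":
    aci = parse_aci(SAMPLE_ACI)
    print(aci["name"], "->", self_writable_sensitive(aci))
```
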