Hi!
As stated some time ago the SUSE Linux Enterprise Server 15 (SLES15) switched from
OpenLDAP to 389 Directory Server.
Trying the latter, I see that it still works with BDB (4.8), and setup is easy. It also
seems to have modern features like these:
\n+Entry cn=SSHA256,cn=Password Storage Schemes,cn=plugins,cn=config is added
\n+Entry cn=SSHA384,cn=Password Storage Schemes,cn=plugins,cn=config is added
\n+Entry cn=SSHA512,cn=Password Storage Schemes,cn=plugins,cn=config is added
\n+Entry cn=SHA256,cn=Password Storage Schemes,cn=plugins,cn=config is added
\n+Entry cn=SHA384,cn=Password Storage Schemes,cn=plugins,cn=config is added
\n+Entry cn=SHA512,cn=Password Storage Schemes,cn=plugins,cn=config is added
\n+Entry cn=PBKDF2_SHA256,cn=Password Storage Schemes,cn=plugins,cn=config is added
However I wonder if it's possible to integrate a 389DS (ns-slapd,
http://www.port389.org/) into an OpenLDAP multi-master configuration. Definitely one
cannot sync the configuration section, because it's too different.
For example the ACL Syntax looks like this:
(targetattr="carLicense || description || displayName || facsimileTelephoneNumber ||
homePhone || homePostalAddress || initials || jpegPhoto || labeledURI || mail || mobile ||
pager || photo || postOfficeBox || postalAddress || postalCode || preferredDeliveryMethod
|| preferredLanguage || registeredAddress || roomNumber || secretary || seeAlso || st ||
street || telephoneNumber || telexNumber || title || userCertificate || userPassword ||
userSMIMECertificate || x500UniqueIdentifier")(version 3.0; acl "Enable self
write for common attributes"; allow (write) userdn="ldap:///self";)
Regards,
Ulrich