What Are Some Good Open Source Alternatives to Active Directory?

Question

I'm looking for a good open-source alternative to active directory that can handle:

• Authorization/Authentication
• Group Policy
• Replication and Trust Monitoring

In addition, are there any consolidated systems out there that handle these responsibilities?

Edit: Since a lot have asked for more details, I am trying to offer a service setting up an infrastructure for organizations, hardware/software setups, right now I am looking at a Linux stack, both desktops and servers, however a hybrid stack is possible, and I am investigating alternatives.

Answer 1

FreeIPA is one project that aims to replicate much of the functionality provided by Active Directory.

www.freeipa.org

Answer 2

Samba can do some of the things that AD can, but I'm not sure I'd call it a full-blown alternative. Take a look at this Samba intro to see if it will suit your needs.

Answer 3

I use GoSa as my AD server :

GOsa² provides a powerful GPL'ed framework for managing accounts and systems in LDAP databases. Using GOsa² allows system administrators to easily manage users and groups, fat and thin clients, applications, phones and faxes, mail distribution lists and many other parameters. In conjunction with FAI (Fully Automatic Installation), GOsa² allows the highly automated installation of preconfigured systems. GOsa² therefore provides a single, LDAP-based point of administration for large and small environments, thus making the administration of users and systems and all related parameters manageable and easy.

More info on https://oss.gonicus.de/labs/gosa/

Answer 4

If you are taking about Windows systems, I dont think there is any framework which is complete. In the Unix world some projects try to cover most of it by use of LDAP, NIS, PAM, NFS/AFS-trees, and some provisioning tools.

Look into Project Athena and Andrew for example.

Some projects like OpenSSO are going to support some of the policy aspects, but optimized for applications.

Answer 5

There is no open-source alternative that is even close to the functionality of Active Directory, as of 2009 anyway.

As MrDenny commented on your question - if you need all that, just use Active Directory, assuming you are supporting Windows clients.

Answer 6

I think you could have a look at open-source Apache Directory LDAP v3 compliant server http://directory.apache.org

Answer 7

As it was not mentioned yet, would 389 Directory Server be an alternative?

Answer 8

Samba 4, which is still beta, aims to be a strong alternative to AD.

Answer 9

There is no open-source alternative that can do all that. Samba can do a useful subset. Why are you asking?

Answer 10

If you're looking for something in the SOHO arena, then "SME Server" may do the trick.

http://wiki.contribs.org

I recently found it and have been playing with it on a test box. It seems pretty solid.

It will take care of all the normal stuff; file/print sharing, web, email and NAT.

It will also act as an old NT style PDC.

A nice review can be found here http://www.theregister.co.uk/2010/11/17/review_sme_server/

Answer 11

LDAP will provide you with an active directory alternative, however there is not currently an alternative for Group Policy that I've found. I know someone else had said that opensso will in the future, and I've heard the same thing about Samba. Like I said though currently there is not a Group Policy replacement. If you find one though don't hesitate to share.

Answer 12

Have you looked at Resara Server? Its an open source Active Directory PDC and file server based on samba4. http://www.resara.org

Answer 13

The LDS (Lightweight Directory Service) service in Server 2008 is basically the same replication engine that AD uses and you can setup users and groups inside the instance for authentication and authorization purposes. Just add it as a role from server manager after you install the OS.