Flight Engineer

Red Hat Directory Server

What are the uses of RHDS?

Flight Engineer

Red Hat Directory Server is an LDAP-compliant server that centralizes user identity and application information. It provides an operating system-independent, network-based registry for storing application settings, user profiles, group data, policies, and access control information.


Just to complement the very good answer from @harpreetsingh, most organizations nowadays prefer to use RHEL IdM (based on the FreeIPA open source project) rather than RHDS. IdM is part of every RHEL subscription; it is not a layered product.

IdM includes RHDS as its LDAP server and adds nice features such as integration with Kerberos for strong authentication, a Certificate Authority (CA), and the sssd service that makes it easy to set up your workstation or server to get user and group data, SSH keys, and other security configuration (such as sudoers) from IdM. All that with easy server and client installs (also backed on RHEL), an easy-to-use web UI, and a REST API for automation.

If you know MS AD, you can think of IdM as "MS AD native for Linux machines" in the sense that it gives many of the features you would get from MS AD to manage Windows machines, not in the sense that you would replace MS AD with IdM (you cannot). IdM supports trusting MS AD domains, so users from MS AD can log in to the Linux servers and workstations you authorize them to (using IdM).

RHDS is nowadays restricted to scenarios where an organization needs a custom LDAP schema, usually for legacy systems that used LDAP for authentication, authorization, and user profiles. It was very popular with traditional Java EE applications and ERPs. Users of IdM are not supposed to change or customize its LDAP schema.

Another option to consider, for web applications and microservices, is the Single Sign-On (SSO) server that you get as part of your middleware or OpenShift subscription. The SSO technology from Red Hat is fully supported, supports web-native and microservices-native authentication mechanisms such as OAuth, supports social login using Google, Facebook, and other internet services, and can integrate with a corporate LDAP server, IdM, and MS AD if you need.

Flight Engineer

Something not mentioned above is that one of the purposes of RHDS is to serve data quickly; as opposed to traditional DBs, it is optimized for heavy data consumption, so you can use it to store data that will be accessed very often but doesn't change so often (i.e. users, certificates, employee/customer data, etc.).

