From 389 Directory Server
Key Features
- Multi-Master Replication, to provide fault tolerance and high write performance
- Scalability: thousands of operations per second, tens of thousands of concurrent users, tens of millions of entries, hundreds of gigabytes of data
- The codebase has been developed and deployed continuously by the same team for more than a decade
- Extensive documentation, including helpful Installation and Deployment guides
- Active Directory user and group synchronization
- Secure authentication and transport (SSLv3, TLSv1, and SASL)
- Support for LDAPv3
- On-line, zero downtime, LDAP-based update of schema, configuration, management and in-tree Access Control Information (ACIs)
- Graphical console for all facets of user, group, and server management
For more see our Features page
Community
To get in touch with us, you can try to reach us on IRC at #389 on irc.freenode.net or on one of our mailing lists.
New to the Project?
If you're new to the project you should start with our getting started page. It contains links to builds, source code and documentation. Our mission page also contains some good information about our mission and goals.
Recent News
389 Windows Password Synchronization 1.1.3 is now available - 389 Windows Console 1.1.4.a1 is now available (November 16, 2009)
Version 1.1.3 fixes some install issues in 1.1.2. Windows Console 1.1.4.a1 (alpha 1) is now available for testing.
389 Directory Server 1.2.4 is now available for testing (November 4, 2009)
We are pleased to announce the availability of 389 Directory Server 1.2.4 for testing. The packages are currently only available from the testing repositories, not the official release repositories. We are seeking feedback. The binary packages available for download will replace the Fedora DS packages with 389 branded packages when installed with yum. This release contains 1 new feature and a couple of bug fixes.
- See the Release Notes for more information
389 Windows Password Synchronization 1.1.2 is now available (November 3, 2009)
The new version supports Windows Server 2008 in addition to 2003. The new version supports 64-bit Windows in addition to 32-bit Windows.
389 Directory Server 1.2.3 is now available for testing (October 8, 2009)
We are pleased to announce the availability of 389 Directory Server 1.2.3 for testing. The packages are currently only available from the testing repositories, not the official release repositories. We are seeking feedback. The binary packages available for download will replace the Fedora DS packages with 389 branded packages when installed with yum. This release contains 3 new features and several bug fixes.
- See the Release Notes for more information
389 Directory Server 1.2.2 is now available (August 26, 2009)
We are pleased to announce the availability of 389 Directory Server 1.2.2. The binary packages available for download will replace the Fedora DS packages with 389 branded packages when installed with yum. This release contains several critical bug fixes.
- See the Release Notes for more information
389 Directory Server 1.2.1 is now available (August 17, 2009)
We are pleased to announce the availability of 389 Directory Server 1.2.1. This is the first officially branded 389 release. The binary packages available for download will replace the Fedora DS packages when installed with yum. This release contains several new features and several bug fixes.
- See the Release Notes for more information
389 has converted from CVS to git for SCM
389 has switched from using the venerable CVS to using git for our SCM. All new development will take place in our new git repositories. The old CVS repositories are still available, but they won't be used for any new code. Some projects will still use the CVS repository, such as mod_nss, mod_revocator, coolkey, esc, windowsautoenroll, and console (just the idm console framework code - the rest of the console packages have moved to git).
- What is git?
- Where are the repos?
Fedora Directory Server is now 389
The Fedora Directory Server Project is now called "389". The details are here:
The new project website is http://port389.org (which is currently just an alias for directory.fedoraproject.org)
The new IRC channel is #389
We have created aliases for the mailing lists - so 389-users, 389-announce, etc.
We're still in the process of rebranding, re-skinning the web site, etc. In the coming weeks you will see new packages with the 389 branding.
Everything else is the same - the team, our mission, only the name has changed. We apologize if this change is disconcerting to some of you, we thank your for your support, and we hope to continue to make the 389 project a success.
Fedora Directory Server 1.2.0 is now available (April 6, 2009)
We are pleased to announce the availability of Fedora Directory Server 1.2.0. This release contains a few new features and over 200 bug fixes.
- See the Release Notes for more information
Fedora Directory Server 1.1.3 is now available (September 25, 2008)
We are pleased to announce the availability of Fedora Directory Server 1.1.3. This is a minor bug fix release, to address a bug in the Windows Sync code introduced in 1.1.2.
- See the Release Notes for more information
Fedora Directory Server 1.1.2 is now available (September 16, 2008)
We are pleased to announce the availability of Fedora Directory Server 1.1.2. This is release has many, many bug fixes and several new features.
- See the Release Notes for more information
Fedora Directory Server 1.1.1 is now available (June 10, 2008)
We are pleased to announce the availability of Fedora Directory Server 1.1.1. This is release is mostly to fix some bugs and add some functionality for freeIPA.
- See the Release Notes for more information
Red Hat Directory Server wins Codie award (May 21, 2008)
Red Hat Directory Server is the branded version of Fedora Directory Server distributed and supported by Red Hat. The Codie awards are given by the Software & Information Industry Association (SIIA). Red Hat Directory Server won the Identity Management award. http://www.siia.net/codies/2008/winners.asp
Source for DSML Gateway now available (May 1, 2008)
DSML_Gateway is a Java Axis web service that exposes LDAP data to web services that understand DSMLv2. We do not have a binary distribution at this time, but the source code is now available.
Web apps are now available for version 1.1 (April 24, 2008)
The web applications have been moved into a separate package called fedora-ds-dsgw. This package contains the Phonebook, Org Chart, and DS Gateway applications. This package is now available as an add-on for the fedora-ds-admin package. The shell script /usr/sbin/setup-ds-dsgw is provided to configure the applications and enable them to be used from the Admin Server home page (as in 1.0 and earlier versions). See the DSGW_Install_Guide for more information.
Security vulnerability in fedora-ds-admin (April 22, 2008)
The fedora-ds-admin-1.1.0 package has a couple of security vulnerabilities:
- CVE-2008-0892 Directory Server: shell command injection in CGI replication monitor - https://bugzilla.redhat.com/show_bug.cgi?id=437301
- CVE-2008-0893 Directory Server: unrestricted access to CGI scripts - https://bugzilla.redhat.com/show_bug.cgi?id=437320
The new package is fedora-ds-admin-1.1.4-1 This package is available from the Fedora yum repository for F-7 and later, or from the dirsrv yum repo on Fedora 6 and EL5. See Install_Guide for information about how to use these yum repositories for your platform.
There are also updates to the adminutil (new version 1.1.6) and to some of the other packages. These updates are recommended.
NOTE: the vulnerabilities affect all versions of Fedora DS, including 1.0.4. We currently have no plans to do another binary RPM release. Please see the bug reports to find out how to patch earlier releases.
NOTE for Fedora 8 and later users: all of the packages are now in the standard Fedora repos. Please remove your /etc/yum.repos.d/idmcommon.repo and /etc/yum.repos.d/dirsrv.repo files before you install or upgrade. See Install_Guide for more information.
NOTE for Fedora 6, 7 and EL5 users: You may get an error about a missing dependency fedora-admin-console when upgrading. If you get this error, remove the old fedora-ds package (yum erase fedora-ds) and upgrade again.
Security vulnerability in fedora-idm-console (March 19, 2008)
The fedora-idm-console-1.1.0 package has a security vulnerability - details are here: https://bugzilla.redhat.com/show_bug.cgi?id=436101
A new version of the package is now available - fedora-idm-console-1.1.1-1 - to fix the problem. Download contains instructions about how to set up your yum repositories to get this update, then do
yum upgrade fedora-idm-console
Fedora Directory Server 1.1.0 is now available (January 8, 2008)
We are pleased to announce the availability of Fedora Directory Server 1.1.0.
- See the Release Notes for more information
Windows Console for Fedora DS 1.1 is now available (December 14, 2007)
The Windows Console is packaged in the usual Windows Installer MSI format. This will allow you to manage your Fedora Directory Server installation from your Windows Desktop. See Release_Notes for more information.
Fedora DS 1.1 Beta is now available (November 26, 2007)
We are pleased to announce the availability of the Fedora DS 1.1 beta, complete with Admin Server and Console. Migration from Fedora DS 1.0 and earlier is supported by scripts provided with the package. See Release_Notes for more information.
Fedora DS 1.1 is new feature code complete (October 9, 2007)
The code has been completed for the new features in Fedora DS 1.1. Our focus now is on whittling down the bug list, testing, and updating the documentation. We're also planning how to build and release the admin server and console pieces through our own yum repository.
Notice: File/Path Naming Has Changed (September 18, 2007)
If you are using the fedora-ds-base (version 1.1.0-0.3 or earlier) included in the Fedora distro, please be aware that the file/path naming has been changed in later packages (1.1.0-1.0 and later).
If you upgrade from 1.1.0-0.3 to 1.1.0-1.0 or later, you will break all of the scripts and configuration files, because they will all still refer to the old paths.
Files/paths in older versions that had fedora-ds in the name now use dirsrv. For example:
- The init script/service is now called dirsrv not fedora-ds
service dirsrv start
instead of
service fedora-ds start
- The configuration directory is now /etc/dirsrv instead of /etc/fedora-ds
- The scripts such as db2ldif, ldif2db, etc. are in $libdir/dirsrv/slapd-instance instead of $libdir/fedora-ds/slapd-instance.
- The sub directories under /var - /var/log/dirsrv, /var/lib/dirsrv, etc.
We are working on this issue and will provide migration instructions/scripts.
Work is proceeding on Fedora DS 1.1 (September 17, 2007)
Fedora DS 1.1 will have the following:
- Discrete packaging - several small packages instead of one monolithic package that contains redundant components - Discrete_Packaging
- Filesystem Hierarchy Standard file and path layout - everything will be where you expect it to be - FHS_Packaging
- Migration support - easy upgrade/migration from 1.0 and earlier releases - DS Admin Migration and Migration From 10
- Easier, more flexible set up - FDS Setup and New_Setup_Design
Fedora DS now supports LDAPI (LDAP over unix domain sockets) (February 26, 2007)
The cvs head now contains code for LDAPI support allowing secure local connections to the server without TCP overhead.
Fedora DS core is now in Fedora Extras (Febrary 14, 2007)
You can now install the core Fedora DS from Fedora Extras on FC-5, FC-6, and devel (FC-7). The core Fedora DS does not contain the console or admin server pieces - these are still in development, and planned for inclusion in Fedora Extras when ready. See FDS_Into_FedoraCore for the status of the effort to get Fedora DS into Fedora Extras.
Fedora DS gets posix/unix automatic uid generation (February 08, 2007)
The cvs head now contains a new feature for automatic generation of sequenced numbers which is compatible with multi-master replication environments. This feature can be used for automatic generation of posix uidNumber and gidNumber in addition to other sequenced numeric attributes required by your deployment.
Nice review at linux.com (December 08, 2006)
Now Fedora Directory Server (FDS), Red Hat's open source LDAP server, makes setting up an enterprise directory server on Linux simple. http://enterprise.linux.com/enterprise/06/11/28/2019258.shtml?tid=129&tid=100
Fedora DS binaries for Fedora Core 4 and 6 x86_64; New Windows Password Sync (December 05, 2006)
- The Download page now has Fedora DS 1.0.4 RPMs for Fedora Core 6 and 4 x86_64.
- The Download page also has a new PassSync.msi for Windows AD password sync
Fedora Directory Server 1.0.4 is released (November 9, 2006)
We are pleased to announce the release of Fedora Directory Server 1.0.4! This version addresses some serious issues with the setup program during upgrade install. Please refer to the Release_Notes for more information and to the Download page for downloads.
Fedora Directory Server 1.0.3 is released (October 31, 2006)
We are pleased to announce the release of Fedora Directory Server 1.0.3! This version, while primarily a bug fix release, now supports new password generation when using the password extended operation (ldappasswd). Please refer to the Release_Notes for more information and to the Download page for downloads.
We've reached 100,000 downloads (October 01, 2006)
There have now been in excess of 100,000 downloads of the Directory Server. Many thanks to the users and supporters of our product.
Enomalism uses Fedora DS for user and domain storage (07/17/2006)
The Enomalism Virtualized Management Console (VMC) is a powerful web-based systems administrator management tool for XEN hypervisor that enables the management of multiple isolated Virtual Private Servers (VPS) to be managed from a central web based interface. Fedora Directory Server provides the LDAP functionality required to manage users, and store domain information. See http://enomalism.com/Wiki.wiki+M5902e6c2d07.0.html for more information.
VMWare Appliance for Fedora DS 1.0.2 (June 23, 2006)
Thomas Lackey has contributed a VMWare virtual machine appliance featuring Fedora (LDAP) Directory Server 1.02 on Fedora Core 5 at http://www.vmware.com/vmtn/appliances/directory/320
Binary RPMs for Fedora Core 5 32bit and 64bit
We now have binary RPMs for Fedora Core 5 for 32 bit and 64 bit versions, available on the Download page.
Fedora Directory Server 1.0.2 is released (March 02, 2006)
We are pleased to announce the release of Fedora Directory Server 1.0.2! This version has enhanced support for password syntax checking (minimum number of digits, minimum number of letters, and more), x86_64 support, preliminary support for Fedora Core 5, and many bug fixes. Please refer to the Release_Notes for more information and to the Download page for downloads.
Review of Fedora Directory Server in Redmond Mag
A review of Fedora Directory Server by WinLinAnswers.com appears in Redmond Magazine. This is a generally favorable review, and will be especially interesting for Active Directory administrators or those with a Windows background.
Fedora Directory Server 1.0.1 is released (December 8, 2005)
We are pleased to announce the release of Fedora Directory Server 1.0.1! This version fixes a couple of serious bugs in the 1.0 product. If you are running 1.0, you are strongly encouraged to upgrade to 1.0.1 as soon as possible.
December 1, 2005
We are pleased to announce the release of Fedora Directory Server 1.0! This version fulfills the promise to open all of the directory server source code that we made almost 1 year ago - December 8, 2004 - the date at which Red Hat acquired the code.
Screenshots have been added.
September 20, 2005
Introducing mod_nss, an SSL module for Apache 2.0.x. It provides similar capabilities to mod_ssl but uses the NSS security library from mozilla.org.
September 19, 2005
A favorable review of Red Hat Directory Server and Fedora Directory Server by eWeek - http://www.eweek.com/article2/0,1895,1860497,00.asp
September 13, 2005
Two more components have been released open source - AdminUtil and SetupUtil.
- AdminUtil is used for
- CGIs and other programs to communicate and interact with the Admin Server
- An API to store application preferences in the Directory Server.
- SetupUtil is used for
- An alternative to native packaging (RPM, pkg, etc.)
- Interactive (and silent) pre- and post- installation server configuration and set up
September 1, 2005
A favorable review of Red Hat Directory Server (which is the same as Fedora Directory Server right now) in Unix Review - http://www.unixreview.com/documents/s=9846/ur0508f/
Work is proceeding on the remaining open source items. Setuputil and Admin Server are almost ready. Once those are done, we should have a completely open source stack.
August 16, 2005
A favorable review of Fedora Directory Server in InfoWorld - http://www.infoworld.com/article/05/08/08/32FEossldap_1.html?s=feature
July 15, 2005
The Fedora Management Console and the Fedora Directory Server Console are now open-sourced! For details on checking out and building the code, see the building console page.
June 15, 2005
MD5 password hashing support has been added to Fedora Directory Server. This makes it possible to import LDIF data from other servers that store passwords using the MD5 algorithm. A new script that assists in migrating your OpenLDAP schema to Fedora Directory Server has been contributed as well. Details are available here.
June 1, 2005
The Fedora Directory Server is released to the world!
