Are there any good alternatives to Active Directory?
To clarify, after deploying and maintaining many Windows-only sites all using Active Directory, I started to wonder why I never thought twice about using something else, e.g. Linux. I understand that a full-featured alternative may not exist yet, but I'm at least looking for something that is aspiring to be Active Directory and working towards it.
I'm surprised no one mentioned Novell's eDirectory. It has been around since 1993 (of course, it was called NDS back then). http://www.novell.com/products/edirectory/whychoose.html
Samba/LDAP/Kerberos would be the only other option I'd consider.
Likewise-Open makes integrating Linux clients and member servers into an existing Active Directory fairly simple. We use it on a couple of Ubuntu servers for NAS -- just upgraded to Jaunty and it works great, though we stuck with the likewise-open (4.x) rather than likewise-open5 package, as there are some changes in the newest version which we haven't figured out completely. In particular, Likewise takes some of the overhead and configuration out of the krb5/pam/winbind/samba setup. Supposedly its authentication mechanism is more efficient too, but this isn't something that we've really noticed.
Also, the long-awaited Samba 4 is supposed to be coming in the not-too-distant future, and promises a number of interoperability improvements such as Group Policy support, so it might be worth staying tuned.
OpenLDAP can do the authentication part of Active Directory. I don't believe there's a replacement for Group Policy on Windows, however.
It might help if you explained what exactly you don't like about Active Directory and why you're attempting to avoid it. I'm presuming cost?
OSX Server provides a built-in open source stack to replace Active Directory based on OpenLDAP. It's not the easiest to get up and running, but 99% of it can be done through the GUI, and if you've got AD experience it's fairly straightforward.
Plus Apple provide support for getting things up, running and configured in case you get stuck :)
If you're looking for something in the SOHO arena, then "SME Server" may do the trick.
http://wiki.contribs.org
I recently found it and have been playing with it on a test box. It seems pretty solid.
It will take care of all the normal stuff: file/print sharing, web, email and NAT.
It will also act as an old NT-style PDC.
A nice review can be found here http://www.theregister.co.uk/2010/11/17/review_sme_server/
It depends mostly on whether Windows is involved as an AD consumer. If not, there are dozens of technologies to fulfill independent parts of AD:
But here's the deal: Windows can't easily consume anything but AD, so you're stuck. Embrace, Extend, Extinguish.
Second on eDirectory. It does everything AD can, but much more scalable and standards compliant and it runs on several flavors of *nix.
Short answer is No.
No projects have ever gotten any kind of traction on aspiring to be a complete AD replacement. AD is an ecosystem with itself as the core; things like security, Exchange, DNS and GPO are branches of this, and these in turn are intertwined with Office, SharePoint, SQL, Outlook, etc. Most projects that are out there are just replacements or replications of individual branches, and mostly just so non-Windows systems can tie into Windows networks.
You can join Windows machines to Kerberos realms. When you do this you lose the rest of what Active Directory does. It isn't unlike configuring a Unix machine to use a realm.
The biggest disadvantage is that the machine doesn't automatically reset its password. And groups. And policy. And, well, the rest of the Windows management experience.
Here's a link on how to do it, though...
http://technet.microsoft.com/en-us/library/bb742433.aspx#EDAA