What are the differences with the packages 389-ds from Red Hat Enterprise Linux versus redhat-ds from Red Hat Directory Server?

Updated

Issue

  • What are the 389-ds packages?
  • The packages 389-ds and 389-ds-base are provided by RHEL, can I use their features in a supported way?
  • Can I use the multi-master replication feature of the 389-ds-base services in a supported fashion on RHEL?
  • Can I use the command line utilities to configure and use the 389-ds-base services in a supported fashion on RHEL?
  • Can I use the upstream management console to manage the 389-ds-base services in a supported fashion on RHEL?
  • What is the difference between 389-ds and redhat-ds packages?

Environment

  • Red Hat Enterprise Linux with the package 389-ds-base
  • Red Hat Directory Server

Resolution

The 389-ds packages provide the core directory services components (LDAP server) for Identity Management in Red Hat Enterprise Linux (RHEL).

These directory packages are also core components of Red Hat Directory Server (RHDS) version.

Red Hat Engineering selects these packages from the upstream Open Source project at https://www.port389.org/

RHEL IdM is a domain controller, its main purpose is to manage identities within the enterprise, with pre-build services, components, access control, permissions, security, single sign-on, AD trust support, and works with the SSSD component.
RHDS is a general purpose LDAP server, extremely customizable, but requires own maintenance and tools to manage an infrastructure.

RHEL IdM a component of Red Hat Enterprise Linux and is made available at no extra charge, included with all Red Hat Enterprise Linux server subscriptions.
RHDS is a separate product, with its own pricing and licensing.

The redhat-ds package is just a "meta-package" that pulls in the core server ( 389-ds packages from RHEL AppStream, e.g. rhel-10-for-x86_64-appstream-rpms ) and the Web Console packages for Cockpit ( cockpit-389-ds from the RHDS repository, e.g. dirsrv-13-for-rhel-10-x86_64-rpms )

In RHDS-13 on RHEL-10, RHDS-12 on RHEL-9, and RHDS-11 on RHEL-8, the LDAP configuration is managed by Python tools provided by the package python3-lib389, and a Web based cockpit plugin provided by the package cockpit-389-ds integrates features within the operating system.
The previous Java DS Console and the Perl tools from RHDS-10 on RHEL-7, RHDS-9 on RHEL-6 and RHDS-8 on RHEL-5 are no longer provided
Those older tools are temporarily provided by the packages called 389-ds-base-legacy-tools.

Important note: starting from RHEL-9.5 and RHDS-12.5, the 389-ds-base builds are identical and shared between RHEL IdM and RHDS, and no longer "modularized".
Before that, the builds of 389-ds-base, 389-ds-base-libs, and python3-lib389 made for the RHDS product, had a reference to el9dsrv or el8dsrv in the module version, while the RHEL IdM equivalent were el9 and el8, and those build could have been different.

What is supported:

  • 389-ds and 389-ds-base components are supported with the use of the Identity Management in RHEL.
  • 389-ds and 389-ds-base components are also supported with the Subscription Manager, or RHN entitlements for the Red Hat Directory Server product.
  • The use of command line tools as documented within published guides - to achieve provisioning with Identity Management in RHEL or Red Hat Directory Server.
  • Direct reference to IdM directory is supported.

What is *NOT* supported:

  • Direct update of IdM directory is NOT supported.
    It needs to be updated using ipa command, Web UI, or Identity Management API.
  • 389-ds and 389-ds-base stand-alone.
  • The use of the command line tools to configure and use the 389-ds-base services outside of the Identity Management in Red Hat Enterprise Linux  solution or Red Hat Directory Server entitlement.

For more information, see the online link for the Production Support Scope of Coverage.

And in particular, the link packages included in support of core functionality.

Diagnostic Steps

RHEL-9.0 IdM example

389-ds-base-2.0.14-1.el9

RHDS-12.1 on RHEL-9.1 example

389-ds-base-2.1.5-4.module+el9dsrv+16995+8a75ed16
389-ds-base-libs-2.1.5-4.module+el9dsrv+16995+8a75ed16
python3-lib389-2.1.5-4.module+el9dsrv+16995+8a75ed16
cockpit-389-ds-2.1.5-4.module+el9dsrv+16995+8a75ed16

RHDS-11.5 RHEL-8.6 example

cockpit-389-ds-1.4.3.31-11.module+el8dsrv+17815+4f95348d.noarch
389-ds-base-libs-1.4.3.31-11.module+el8dsrv+17815+4f95348d.x86_64
python3-lib389-1.4.3.31-11.module+el8dsrv+17815+4f95348d.noarch
389-ds-base-1.4.3.31-11.module+el8dsrv+17815+4f95348d.x86_64

rpm -ql cockpit-389-ds
/usr/share/cockpit/389-console
/usr/share/cockpit/389-console/index.css.gz
/usr/share/cockpit/389-console/index.html.gz
/usr/share/cockpit/389-console/index.js.LICENSE.txt.gz
/usr/share/cockpit/389-console/index.js.gz
/usr/share/cockpit/389-console/manifest.json
/usr/share/doc/cockpit-389-ds
/usr/share/doc/cockpit-389-ds/README.md
/usr/share/metainfo/389-console/org.port389.cockpit_console.metainfo.xml

ls -ld /usr/share/doc/*389*
drwxr-xr-x. 2 root root 89 Feb 17 17:31 /usr/share/doc/389-ds-base
drwxr-xr-x. 2 root root 86 Feb 17 17:31 /usr/share/doc/389-ds-base-libs
drwxr-xr-x. 2 root root 23 Feb 17 17:31 /usr/share/doc/cockpit-389-ds
drwxr-xr-x. 2 root root 43 Feb 17 17:31 /usr/share/doc/python3-lib389

build requirements and dependencies:
less /usr/share/doc/cockpit-389-ds/README.md

The package cockpit-389-ds includes the product branding information displayed in the system wide RHEL cockpit web UI.
It is very simple and limited to the text file /usr/share/cockpit/389-console/manifest.json
{
  "version": "1.0",
  "name": "389-console",
  "require": {
      "cockpit": "137"
  },
  "tools": {
     "389-console": {
        "label": "Red Hat Directory Server",
        "path": "index.html"
     }
  }
}

RHDS-10 RHEL-7 example
The package redhat-ds-10.2.0-2.el7dsrv.x86_64.rpm is very small, just acts as a "meta-package":

./usr/share/doc/redhat-ds-10.2.0
./usr/share/doc/redhat-ds-10.2.0/README
2 blocks

Note its spec file from the source package has the following dependencies which will be installed:

Requires:         redhat-ds-base
Requires:         redhat-ds-admin
Requires:         idm-console-framework
Requires:         redhat-idm-console
Requires:         redhat-ds-console
Requires:         redhat-admin-console
Requires:         redhat-ds-console-doc
Requires:         redhat-admin-console-doc

And that includes some "branding" information and images for the Java Console.

The package redhat-ds-base-10.2.0-2.el7dsrv.x86_64.rpm also looks very small:

./usr/share/dirsrv/inf
./usr/share/dirsrv/inf/redhat-slapd.inf
./usr/share/doc/redhat-ds-base-10.2.0
./usr/share/doc/redhat-ds-base-10.2.0/LICENSE
./usr/share/doc/redhat-ds-base-10.2.0/LICENSE.GPLv2
./usr/share/doc/redhat-ds-base-10.2.0/README
62 blocks

But its spec file from the source package has the following dependencies which will be installed:

Requires:         389-ds-base
Source0:          %{name}-%{version}.tar.bz2

So it will install the LDAP server provided by the package 389-ds-base.

Product(s)
Category
Components
Tags
Article Type