Adventures in Eco-Linux - Part 01

Well, that was quite the adventure in new technology. For context, several months ago I decided that over the course of the year, I would move my home ecosystem away from the Windows OS. The decision came from the end of life of Windows 10, and the inability (and unwillingness) to drop several thousand dollars upgrading systems that aren't quite good enough for Windows 11.

So I started looking into how to migrate my systems to a Linux-based system. My first hurdle, and the topic of this rant/post, was a replacement for Active Directory. I am running a copy of Windows Active Directory in my home lab for several reasons, mostly to unify my Windows login info for all the computers in the house. That may seem like overkill, and absolutely is, but it means that my wife and I only need to remember one account for the 4+ computers that we have around the house. So naturally I wanted to replicate that ability on the new Linux ecosystem.

After looking at several options, I have currently settled on OpenLDAP as the authentication provider for the ecosystem. I'm currently going with it because it seems to be well supported, and semi-universally supported. So when I put Linux Mint on my wife's machine, and Fedora or NixOS on mine, I don't need to worry about whether the computer will connect and authenticate to the OpenLDAP server properly.

The setup for the OpenLDAP server is fairly simple IF you know a couple of things ahead of time. First, you need to know the domain you want to use, as the initial setup asks for it, and it is a pain to change after that setup. Second, the OpenLDAP documentation talks about "schema" objects being the old way and says you should be using the "ldif" format instead, BUT you can still use the "schema" objects if you're local on the OpenLDAP server and import them correctly. Third, if your intent is to have OpenLDAP handle sudo authentication as well, then you should know that sudo provides OpenLDAP schemas, and since you don't need to convert them to LDIFs you can just drop them in and "install" them into the server.
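As an added illustration (not from the original post, and not necessarily the method used here), one common way to import a legacy ".schema" file on a cn=config server is to let `slaptest` convert it and then clean up the generated entry. The script name, the `CORE_SCHEMA` default path and the function names are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): convert a legacy ".schema" file
# into LDIF that a cn=config OpenLDAP server will accept.
set -euo pipefail

# Assumption: location of the stock core schema; it differs per distro
# (e.g. /etc/ldap/schema on Debian-family, /etc/openldap/schema on Fedora).
CORE_SCHEMA=${CORE_SCHEMA:-/etc/ldap/schema/core.schema}

# Clean the entry slaptest generates. Reads LDIF on stdin, writes to stdout:
#  - drop generator comments and server-maintained operational attributes
#  - strip the {N} ordering index from the dn and cn values
#  - anchor the dn under cn=schema,cn=config
clean_schema_ldif() {
  sed -E \
    -e '/^#/d' \
    -e '/^(structuralObjectClass|entryUUID|creatorsName|createTimestamp|entryCSN|modifiersName|modifyTimestamp):/d' \
    -e 's/^dn: cn=\{[0-9]+\}(.+)$/dn: cn=\1,cn=schema,cn=config/' \
    -e 's/^cn: \{[0-9]+\}(.+)$/cn: \1/'
}

# convert_schema FILE: print loadable LDIF for FILE on stdout.
# The schema entry is named after the file (foo.schema -> cn=foo).
convert_schema() {
  local schema=$1 name work generated
  name=$(basename "$schema" .schema)
  work=$(mktemp -d)
  mkdir "$work/out"
  printf 'include %s\ninclude %s\n' "$CORE_SCHEMA" "$schema" > "$work/convert.conf"
  # slaptest parses the legacy config and writes it out in cn=config layout.
  slaptest -f "$work/convert.conf" -F "$work/out" >&2
  generated=$(find "$work/out" -name "cn={*}${name}.ldif" | head -n 1)
  [ -n "$generated" ] || { echo "no generated LDIF for $name" >&2; return 1; }
  clean_schema_ldif < "$generated"
  rm -rf "$work"
}

# Run only when called with an argument: ./convert.sh FILE > NAME.ldif
if [ "$#" -ge 1 ]; then
  convert_schema "$1"
fi
```

The resulting file is then loaded as root on the server itself with `ldapadd -Y EXTERNAL -H ldapi:/// -f NAME.ldif`, which works where the packaged cn=config ACL grants local root access over the ldapi socket.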

With that setup, I installed my wife and myself as users in the system and converted my first machine onto the OpenLDAP server. I'm still working out kinks in the system, like how I can get a user to log in and be placed as an administrator on the computer. Yet, it's a good first step, and I'm happy with the progress I've made so far.

 

This article was updated on March 14, 2025