On Sat, Oct 2, 2010 at 7:29 PM, Craig White craigwhite@azapple.com wrote:
This discussion completely ignores the fact that user authentication is just one of the many things LDAP does. If all you are going to do with LDAP is simple user & group management then you have a lack of imagination.
Not to stray much further off the subject, nor defend AD much further on the CentOS list, but AD does a lot more than user/group auth. In fact it does everything in your list (DNS, mail access lists, etc), and quite a bit more out of the box.
Apple's Open Directory is a nice start, but pretty far behind in the race. In fact if I had a 1000 Mac installation, I'd rather build an AD domain and extend the schema to include the Apple attributes and use WG Manager for the Macs. I honestly believe Apple has put more engineering time into their AD plugin than their OD native interface.
Believe me I'm no Microsoft enthusiast, but AD is a capable and mature product for the job. Obviously for maximum flexibility stock MIT Kerberos and OpenLDAP win, but I think I'd be wasting a lot of time using them bare-bones when administrating a large multi-site organization. Open-source is free, but it's definitely not free once you start spending your evenings combing mailing lists and debugging fringe issues that keep your business from meeting its goals.
And NIS servers belong in a museum! :-)
There, hopefully I've offended everyone. Cent remains my favorite server OS by a _huge_ margin.