On Sat, 2010-10-02 at 21:52 -0700, Iain Morris wrote: > > > On Sat, Oct 2, 2010 at 7:29 PM, Craig White <craigwhite at azapple.com> > wrote: > > > ---- > This discussion completely ignores the fact that user > authentication is > just one of the many things LDAP does. If all you are going to > do with > LDAP is simple user & group management then you have a lack of > imagination. > > > > Not to stray much further off the subject, nor defend AD much further > on the CentOS list, but AD does a lot more than user/group auth. In > fact it does everything in your list (DNS, mail access lists, etc), > and quite a bit more out of the box. > > > Apple's Open Directory is a nice start, but pretty far behind in the > race. In fact if I had a 1000 Mac installation, I'd rather build an > AD domain and extend the schema to include the Apple attributes and > use WG Manager for the Macs. I honestly believe Apple has put more > engineering time into their AD plugin than their OD native interface. > > Believe me I'm no Microsoft enthusiast, but AD is a capable and mature > product for the job. Obviously for maximum flexibility stock MIT > Kerberos and OpenLDAP win, but I think I'd be wasting a lot of time > using them bare-bones when administrating a large multi-site > organization. Open-source is free, but it's definitely not free once > you start spending your evenings combing mailing lists and debugging > fringe issues that keep your business from meeting its goals. ---- AD yes, LDAP no You have to go to different tools for everything... Mail (routing/aliases) - Exchange DNS - Their DNS tool I have no problem using OpenLDAP to setup/configure not only users but also automounts for Linux/Macintosh users, central user/group authentication and even share the home directories across the board (Linux/Macintosh/Windows users so regardless of which system they use, they have access to their same files). You aren't going to get that done with Active Directory tools. Active Directory provides a fairly decent configuration tool set for the unimaginative administrator who wants to do everything the Microsoft way but try extending AD's LDAP. If I had a large multi-site organization, the last tool I would use is AD. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.