this post was submitted on 08 Aug 2025
72 points (86.7% liked)
Linux
I've played with LDAP and it is nothing vs. AD. Ever administered an AD domain? Crazy what all you can manage. It's not only a user auth tool, it's so much more.
Only as part of a curriculum and in an apprenticeship; so nothing serious.
Yeah, sure, you can manage the heck out of it. But what does one really need? Restricting/enabling access to resources, and managing authentications, right? And that's feasible with Kerberos and OpenLDAP, no?
I'm too far gone from my last AD admin job (7 years), but I mainly remember how tightly integrated everything was. I could play that infrastructure like a fiddle!
The greatest thing about AD is that it's a "single pane of glass", all there in one tool. One example: I used RADIUS auth with Network Policy Server (NPS) to manage wireless access. Put users in the appropriate group, never had to think about it again.
One of the best parts was how easy it was to manage with PowerShell. I had an on/offboarding script that would handle a dozen pain points at a button press.