How Linux Beats Windows in ID Management Ease
Amy Kucharik writes "Fed up with Windows systems management? A Linux conversion may be your ticket away from the daily hassles of managing and licensing domain controllers and related software devices. In this tip, Paul Murphy discusses the evolution of LDAP and how using it, along with Linux, can make an administrator's job easier."
First LDIF! (Score:5, Funny)
changetype: add
slashComment: First Post!
slashModLevel: +5 Funny
Re:First LDIF! (Score:5, Funny)
changetype: modify
add: objectclass
objectclass: troll
take that!
Re:First LDIF! (Score:2)
You fail it.
Mac OS X And LDAP (Score:3, Interesting)
Re:Mac OS X And LDAP (Score:4, Informative)
More info here. [apple.com]
NetInfo is now pretty much relegated to storing info for the local machine only.
Re:Mac OS X And LDAP (Score:3, Informative)
MacOS X Server uses LDAP as one method to store user information, and also NetInfo (as "local users" that can still be vended out).
PS... this works very well, and is easy to admin. I don't see any reason to change things.
PPS... the docum
How's this different? (Score:5, Interesting)
There's nothing concrete in the article.
Re:How's this different? (Score:5, Funny)
Re:How's this different? (Score:5, Insightful)
Funny?
This is the truth.
Re:How's this different? (Score:2, Funny)
Or so I've heard.
Re:How's this different? (Score:5, Informative)
One costs, but it's damn easy to use.
Personally, for mucking around improving skills I'd use the Linux/LDAP but as soon as you hit a corporate environment, Group Policy wins hands down for speed, integration and ease of use.
Where's the article (Score:5, Interesting)
Now I know somebody is going to say ARE YOU TOO STUPID TO USE GOOGLE!! No, I'm not. I'm simply saying that the article could have been much better, had they simply put actual information in instead of simply writing an introduction to the history of LDAP. As it stands, the article is exceedingly pointless.
Re:Where's the article (Score:2, Interesting)
Thank you for saying that - it needed to be said.
My answer is usually "I don't have time to google for the information and pick through the thousands of advertisements posing as real information."
Why is that people have to cover up their own ineptitu
Actual information (Score:3, Informative)
Swoosh.
Since it isn't possible for one article to explain how to configure identification, authentication, and authorization for all systems, the article contained [techtarget.com] links [kernel.org] to more [redhat.com] information [techtarget.com].
That's because you often have to learn about things in order to do them. With flexibility comes a price, and that price is work. Luckily, they pay you for that, if you do it well enough.
Or maybe he should have published a GUI along with the article? Sorry for being flippant, but I think you're expecting too
Re:Actual information (Score:4, Interesting)
Even so, the article was really weak compared with the blurb that they submitted to Slashdot. At 650 words, the article is barely an introduction to the topic. The links were a minor plus, but the article didn't really fulfill the promise of the title, let alone that breathy 50-word blurb.
I would have been perfectly fine with the article if they had submitted it by saying, "LDAP has a neat history, and if you try it, you might learn something. But we won't tell you what or how, and we certainly won't show you how to solve any problems you actually have."
Re:Actual information (Score:2)
The point of an article is to show the readers something new. It's to help them, to teach them something, often on slashdot it's to show new ways of doing things. This article does none of these. It provides a few links, but little that google and wikipedia could not do.
In your response you mention a GUI, alluding to a GUI vs. console debate. A
Re:Actual information (Score:3)
It's true, but it's like saying it's easier to drive a car than fly a helicopter. With a GUI, you can only do what the GUI-writer allows. With a command line, you're free to do what you want.
GUI is fine for apps. For admin work, give me a CLI any day.
Re:Actual information (Score:2)
Dumb analogy. A helicopter is fundamentally different than a car. A helicopter flies. There is no similar fundamental difference with GUI vs. CLI. There's no reason a GUI can't do everything the CLI can.
With a GUI, you can only do what the GUI-writer allows. With a command line, you're free to do what you want.
With a command line, you can only do what the command-line app writers allow you to do.
GUI is fine for apps. For
Re:Actual information (Score:3, Insightful)
Your claim is that the two are isomorphic, that is, that there is a mapping of every function of a GUI to a CLI and that all functions of a CLI are met by the GUI.
That is clearly false, since while I can quickly issue a command under a Unix shell that will repeat until I kill it, GUIs never (or seldom) provide a checkbox for that. That's just one example. There is a limitless supply of examples, since I can create ad hoc command scripts to e
Re:Actual information (Score:3, Insightful)
You are so intent on being right that you can't see the plain truth in front of you. It's not that a GUI can't have a checkbox, it's that unless it does, the feature is not available. A CLI tool, on the other hand, needs no check box because the functionality is inherited for all tools.
The paradigm. GUIs are intended to be easy, and scripting languages are not "easy" in that sense. W
Re:Where's the article (Score:5, Insightful)
Basically if all I needed was a place to look up email addresses I can just throw up OpenLDAP on a linux box and be done. If I want identity management I need some real planning and some serious engineering. Even the commercial solutions like Novell is offering using eDirectory on Linux are complicated and resource intensive implementations in anything but the simplest environments.
The idea of "it's Linux" so there is no throw away work is foolish.
Re:Where's the article (Score:2)
Use Mac OS X Server. I know it can do all those things, via the GUI, because I get paid to do them. And they're pretty damn simple. And cheap to boot: $1000 for the server sw and an older G4 is about all you need.
For an example, try this [apple.com].
Re:Where's the article (Score:3, Informative)
samba.org has had its guides updated for more modern deployment. There are several places, but one of the better guides is listed with the same people who make the samba-ldap tools.
Active Directory is a nightmare because a lot of what happens is done for you in a windows environment. Which is funny... a great deal of what goes on with normal samba is automated and you get to feel a whole lot more of that when you go to ldap. I'm sure someone has made some progress.
Anyhow, onc
Feature Request (Score:5, Funny)
Re:Feature Request (Score:4, Insightful)
I prefer to use Kerberos for Authentication and LDAP for authorisation. It is very secure, easy to administer and universally supported by the commercial vendors. However for some reason, it does not get a lot of press.
Re:Feature Request (Score:2)
How?
(I know how to use google, so a few keywords will be sufficient, rather than a drawn-out explanation).
Re:Feature Request (Score:3, Insightful)
If you just want simple authentication (ie: "is this username and password valid") then use winbind. Use this if you just have a samba server you want to auth back to your AD.
For something more complex (like specifying unix UIDs, login shells, home directories, etc) you need to look at Microsoft Services for Unix (to extend the AD schema) and optionally pam_ldap/nss_ldap. I say "optionally" because SFU comes with a NIS server that can authenticate unix users - but you might not want to use NIS. Us
Re:Feature Request (Score:5, Informative)
Which (in my experience) just tanks your AD server.
I've tried it twice, and both times turned my AD server into a doorstop - the AD service locks hard, and there's no way to bring it back.. which makes the entire machine useless (as you can't log in without AD running) - a reinstall was required to fix it.
And apparently I'm not the only one this has happened to. [slashdot.org]
Re:Feature Request (Score:2)
I'm not as familiar with other distros though - so I'm not sure if it is as straightforward.
Re:Ditto - I've tried.. (Score:3, Informative)
A friend and I tried the same thing and got the same results.
Re:Feature Request (Score:2)
Re: (Score:2)
Re:Feature Request (Score:3, Funny)
Nice, but... (Score:5, Insightful)
Re:Nice, but... (Score:5, Interesting)
Re:Nice, but... (Score:2)
My new GNU/Linux Distribution (Score:5, Funny)
I am pretty sure I am not the only Linux veteran irritated by the increase in its user-friendliness, and mourning the loss of the good olde Linux, accessible only to those who enjoy kernel debugging. This is why I have decided to launch a new GNU/Linux distribution which requires extensive knowledge of Linux and of the computer system's internals.
The distribution shall be available in the combination of a floppy and a CD-ROM image. Why not only a CD-ROM image? I thought it would be a little too easy, and know you think that too; the CD-ROM is only accessible if you can read it, and this is why I provide a floppy: it contains an assembler and a linker, all you need to write a CD-ROM file system driver (and a partition driver to install the files). Here, I'll give you a head start: ISO 9660 specification [ecma-international.org]. Don't expect every task to be so simple, I won't be giving the answers each time.
The distribution is somewhat minimalistic, but can do pretty much everything one demands from a modern computer.
Obviously, all tasks are accomplished through the command line interface (no GUI is provided).
A Web browser isn't included (as if you expected one to be anyway), just telnet to port 80 of the Web sites to surf the Internet.
As for an email client, telnet to port 25 and learn how to use your email server.
For FTP capabilities, you may telnet to port 21 and use the standard commands.
As I have demonstrated, this is a very versatile and capable GNU/Linux distribution, meanwhile staying available only to real men who back up to FTP and not to tape (to ensure this, legacy support for tape drives is excluded).
Since potential users may have varying levels of experience, I am hence providing different versions of the distribution:
Your suggestions are welcome, and I hope you enjoy using my GNU/Linux distribution.
Funny because it's true (Score:3, Insightful)
Re:Funny because it's true (Score:5, Insightful)
You seem to be implying that there's something Mandriva can't do that all the other "more flexible" linux distros can. I'm not aware of such a thing. I'm not a linux guru... but I run Mandriva on a few machines and there's never been something that I wanted to do that I couldn't (remote administration, webserver, MythTV, etc.). I understand the "fun" of setting up a Gentoo machine... but if you want ease of use combined with power and flexibility, then use Ubuntu, Mandriva, etc. Everything installs easily, and then you can configure and fine-tune to your heart's content.
Re:Funny because it's true (Score:2)
Go to Ubuntulinux.org. Really. One installer CD and an internet connection later, you'll have your nice friendly install. Well, about as friendly as Linux generally gets. You don't even have to use fdisk - it'll do that for you.
Re:Funny because it's true (Score:2)
Responding to your main points:
* laptop working in 1400x1050 properly: Check - automagic.
* power management works: Check - automagic.
* graphical partition manager: Check - Yast2
* plug-n-play DVD drive: Check
* mouse work automatically: Check
* alsa set up automatically: Check - aplay and alsamixer Just Work (TM).
* Printer setup: Check - KDE kprinter "Add Printer" wizard, accessible right from the pri
Re:My new GNU/Linux Distribution (Score:2)
Re:My new GNU/Linux Distribution (Score:5, Informative)
Re:My new GNU/Linux Distribution (Score:3, Insightful)
Actually, no. LDAP is (strangely enough) a "Lightweight" Directory Access Protocol. It's convenient that it also happens to use the letters LDAP for that, don't you think?
Lots and lots of different directory-like products can speak LDAP (AD, OpenLDAP, Exchange, Novell Directory, Sun Directory, etc), but LDAP itself is not a tool or product.
You don't hear anyone saying "man I installed this sweet HTTP that
Re:My new GNU/Linux Distribution (Score:2)
Re:My new GNU/Linux Distribution (Score:3, Funny)
Open Source Identity Management (Score:2, Informative)
Thankfully, Redhat's new Directory Server (based off iPlanet's) should be much easier to use and deploy.
Very fluffy article (Score:5, Interesting)
And for the record: Active Directory design isn't, IMHO, harder than the design of any other well-administered LDAP-based authentication system. Further, I'll say that Microsoft has done a fantastic job of making the administration tools transparent and easy-to-use, and the integration of Exchange mail servers & NIS authentication via Services For Unix into the same tool is icing on the cake. Sure, the per-server licensing fees aren't cheap, but you do get what you pay for in this instance.
Poor article (Score:5, Insightful)
This isn't to say I disagree but calling this article "news" is like calling the OpenLDAP FAQ [openldap.org] news.
Nonsense, but not for the reason you'd think (Score:5, Insightful)
As long as we have people putting passwords on post-its attached to their screens, as long as we have people clueless enough to fall for even the most simple of social engineering, there's no real thing as a proper ID on a computer system.
In my (amazingly wonderful) opinion, no system deserves the name ID management unless it has a genuinely good chance of doing so. Physical tokens or biometrics (aka built-in physical tokens) are a minimum.
Well, unless you're after the account ID, but I think admins are normally more concerned about the ID of the person using the account.
We need to stop barricading the windows when people are walking merrily through the doors.
Re:Nonsense, but not for the reason you'd think (Score:2)
In order for authentication to be considered secure, at least TWO of the three ways of authentication need to be used.
The three ways are of course information, property and biometrics.
Re:Nonsense, but not for the reason you'd think (Score:2)
You might steal someone's secureID but it's not that likely to cut off someone's finger for getting access to John Doe's shitty office computer. Also, it's not really likely that someone can fake an iris authentication even if getting into a military c
Unrealistic security policies (Score:3, Insightful)
I agree. I think a large part of the problem, though, is that people are being given unrealistic demands for digital security wherever they go, that simply ignore everything we know about an ordinary human's cognitive ability. Even if a user can cope with one or t
OpenLDAP (Score:4, Funny)
Thanks SearchEnterpriseLinux.com!
Re:OpenLDAP (Score:2)
but even if it's not set up correctly, it's so easy to install you can fix the problem in a jiffy!
thanks sun [sun.com]!
Novell NSure (Score:5, Informative)
However, I'm very impressed by Novell NSure [novell.com].
Do not overlook this product if you're looking for a solid LDAP based Identity Management solution.
Bad Summary (Score:5, Interesting)
He basically just summarized the history of NIS and OpenLDAP, then gave us a link to some documentation for setting up OpenLDAP. Have fun editing slapd.conf, kids!
I was expecting that he'd at least mention Redhat Directory Server [redhat.com], which is the most interesting recent development as far as easy-to-manage Linux identity servers go.
Re:RDS questions (Score:5, Informative)
Yes [redhat.com]
The page makes it look like it isn't.
You're correct, RH's page is pretty misleading (maybe because they want you to buy a support contract from them?) - I had to hunt around for quite awhile before I found the source.
Is this the reincarnation of Netscape Directory Server?
Yes, although it's now known as "Fedora Directory Server"
They have a wiki for the project here [redhat.com]
eDirectory (Score:5, Informative)
Mindshare of a political movement (Score:5, Insightful)
One of the really tragic points is that although NDS and eDirectory were already ahead of what MS-Active Directory (AD) is now *ten* years ago, AD is suddenly what all the MS fanbois talk about to the exclusion of the more mature, secure, flexible, and compatible options like either eDirectory or plain ol' Kerberos + LDAP.
Actually, most AD articles don't cover many facts or even how to operate in a multi-platform environment. Plus there are a lot of shortcomings *still* in AD like scalability, performance and interoperability with non-MS systems. These are problems that you don't get with eDirectory or plain LDAP/Kerberos.
I'm sure part of it can be explained by the fanboi mentality where anything and everything from Redmond is great, especially the next version which is just over the horizon, etc. And that MS "valued" partners are more or less forbidden from looking at competing technology. Maybe other parts can be explained by MS' standard marketing methods, like the smear campaign against Novell.
I guess more of it makes sense if one looks at MS like a marketing company, as other posters have pointed out, rather than a software company. Though to me that's a bit 90's. MS is now heavily into lobbying and is bordering more on a political movement than a technology. Talk of AD is then a way of signaling membership in the movement/ideology. That would be another way of explaining fanbois who ignore LDAP+Kerberos or products like eDirectory, not even doing shoot outs against these competitors. doesn't make sense.
I miss the days the product comparisons actually compared useful tools and brought up the good and bad points of the ones examined rather than going over pre-approved 'talking points'. I guess even Consumer Reports is no longer unaffected.
Article summary (Score:2)
-Backups in windows are really hard, but nobody ever wants to do them anyway.
-Project Athena at MIT invented Kerberos
-Sun NIS was originally called "Yellow Pages" in the 80's
-LDAP tools included with linux let you manage users, but you can change them if you want
Bah -- LDAP is weak authentication (Score:3, Informative)
For stronger authentication, using tickets for further authorization, use Kerberos. With LDAP, you must punch in your password repeatedly. Yes, it is the same password, but it must still be entered multiple times. In a properly Kerberized environment, you enter the PW once, and that's it. And, if desired, you can do some neat P
And, to head off some arguments -- Kerberos is pretty easy to set up. It is, at least, no harder than OpenLDAP to set up.
Try Kerberos -- you'll like it.
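The split several commenters recommend (Kerberos verifies the password, LDAP only serves account data) can be checked on a client from its PAM and NSS configuration. The following is an added example, not part of any comment in this thread; the function names and both sample configurations are constructed for illustration, and `include` directives are not followed.

```python
import os
import re

# One PAM rule: type, control (plain word or [bracketed] form), module, args.
PAM_RULE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

# How each module verifies a password (only modules named in this thread).
AUTH_BACKENDS = {
    "pam_krb5": "kerberos",     # obtains a ticket from the KDC
    "pam_ldap": "ldap-bind",    # binds to the directory with the user's password
    "pam_winbind": "winbind",   # asks winbindd, which talks to the domain controller
    "pam_unix": "local",        # local passwd/shadow (or whatever NSS returns)
}


def parse_pam(text):
    """Return (type, control, module_name, args) for each rule line."""
    rules = []
    for line in text.splitlines():
        match = PAM_RULE.match(line.split("#", 1)[0].strip())
        if not match:
            continue  # blank line, comment, or @include directive
        kind, control, module, args = match.groups()
        name = os.path.basename(module)
        if name.endswith(".so"):
            name = name[:-3]
        rules.append((kind.lstrip("-"), control, name, args.split()))
    return rules


def parse_nsswitch(text):
    """Return {database: [sources]} with [STATUS=action] items dropped."""
    databases = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, sources = line.split(":", 1)
        databases[db.strip()] = re.sub(r"\[[^\]]*\]", " ", sources).split()
    return databases


def audit(pam_text, nss_text):
    """Check for the split: Kerberos verifies passwords, LDAP serves accounts."""
    auth = [AUTH_BACKENDS[mod] for kind, _, mod, _ in parse_pam(pam_text)
            if kind == "auth" and mod in AUTH_BACKENDS]
    nss = parse_nsswitch(nss_text)
    findings = []
    if "ldap-bind" in auth:
        findings.append("auth stack uses pam_ldap: the password is sent to "
                        "the directory server in a bind at every login")
    if "kerberos" not in auth:
        findings.append("no pam_krb5 in the auth stack: no Kerberos ticket "
                        "is obtained at login")
    for db in ("passwd", "group"):
        if "ldap" not in nss.get(db, []):
            findings.append(f"{db} is not looked up in LDAP")
    if "ldap" in nss.get("shadow", []):
        findings.append("shadow is read from LDAP: not needed when the KDC "
                        "holds the passwords")
    return {"auth_backends": auth, "findings": findings}


# Constructed sample: Kerberos for authentication, LDAP for account data.
PAM_SPLIT = """\
auth     required    pam_env.so
auth     sufficient  pam_unix.so nullok
auth     sufficient  /lib/security/pam_krb5.so use_first_pass
auth     required    pam_deny.so
account  [default=bad success=ok user_unknown=ignore] pam_krb5.so
"""
NSS_SPLIT = """\
passwd:  files [SUCCESS=return] ldap
group:   files ldap
shadow:  files
"""

# Constructed sample: LDAP used for both passwords and account data.
PAM_BIND = """\
auth     sufficient  pam_unix.so nullok
auth     sufficient  pam_ldap.so use_first_pass   # password checked by bind
auth     required    pam_deny.so
"""
NSS_BIND = """\
passwd:  files ldap
group:   files ldap
shadow:  files ldap
"""

if __name__ == "__main__":
    for label, pam, nss in (("split", PAM_SPLIT, NSS_SPLIT),
                            ("ldap-only", PAM_BIND, NSS_BIND)):
        print(label, audit(pam, nss))
```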
Re:Bah -- LDAP is weak authentication (Score:2)
For a loose collection of notes from the random ramblings of my mind, check out http://web.uconn.edu/dotmatt/SSO/ [uconn.edu]
Where's the comparison? (Score:3, Insightful)
Article improperly credits Project Athena for PAM (Score:5, Informative)
However, it was actually invented by Sun, and was eventually adopted as RFC 86.0 by the Open Software Foundation [opengroup.org] in 1995.
I think not. Here's why. (Score:2, Interesting)
Flame me for this, but Windows is a hell of a lot easier to learn and manipulate for the regular Joe users. In windows, if you want to change settings, you hit Start, Settings, Control Panel and you just select what you want to play with. In Linux, you actually have to know [redhat.com](very well) what you're doing [openldap.org] and how to do it. Now compare this. What will common users choose? Ease of use and user-friendli
Re:I think not. Here's why. (Score:2)
Re: Linux Wins (Score:2)
To use an old analogy:
Windows is like buying a car with the hood welded shut. Buy a new one when this one breaks.
Mac and OSX is like buying a luxury car. Lots of status and high-performance for driving to the market.
Linux is like owning a formula 1 race car. Very high performance, modifiable, and now with very attractive body. It has a hood you can open and modify to do exactly what you want. All at a very attracti
LDAP != Identity Management (Score:5, Interesting)
This is not to say it couldn't be part of the solution, but the end state is going to have a bunch of different components.
And MS's out-of-the-box tools (e.g. AD Users & Computers) are deeply pathetic for anything other than casual directory browsing. Third party tools are needed for the variety of different tasks involved in managing an AD-based NOS.
That being said, some of the cool new work being done with Samba taken with a Kerberos KDC for authorization and OpenLDAP for authentication could be a good place to start in building out an IdM system. Unfortunately, you would really need to be starting from scratch to have this be feasible....
Re:LDAP != Identity Management (Score:2)
Fortunately Novell has done great work how it approaches it. In a nutshell there is a master repository with everyone's data in it. Data is fed in through standardized XML feeds. Plugins are available for common data sources like PeopleSoft and AD to translate their data to XML. Then this m
Fedora Directory Server (Score:2)
Useful Utility (Score:4, Informative)
Have a look at JXplorer [jxplorer.org] (or alternate Sourceforge [sourceforge.net] link).
It's a really nice open source LDAP administration and management utility that not only lets you do the easy entry editing stuff but a lot of the more complex tree management operations. It also has some really nice search building interfaces. I'm in no way connected with this project but it has replaced a number of free and commercial utilities we used to use.
It also lets you play with populating an OpenLDAP installation so you can begin to understand some of its real power and tuning potential.
LDAP (Score:2)
Not a good article. Slashdot has reached the prime of its peak and is now in its decline.
This might be better
Guy is strapped down into a pack of pressurized tanks and launched into the air.
It is a windows media file but xine and mplayer under linux (x86) can open it.
http://www.lookatentertainment.com/v/v-1169.htm [lookatentertainment.com]
Have you heard of LDAP. (Score:2, Informative)
Here is my real world setup.
1. RedHat Enterprise server
2. OpenLDAP
3. Postfix (SMTP auth, Spamassassin, TLS, Postgrey)
4. Cyrus Imap Server
5. Samba File server
6. Apache WebDav
Right now I have a master copy of LDAP on the internal file server. Then two other servers (on the DMZ) are replicas. Samba pulls info from LDAP, Cyrus, Postfix, WebDAV as well. Not using Kerberos at this time, bu
Wow, that was one of the most inane posts yet (Score:2, Interesting)
I wonder how long till someone writes a three paragraph submission linking to goatse and tubgirl and it gets through.
In the meantime, Windows has point and click administration and the only people who find it difficult are beginners and people from other platforms. Experienced Win admins don't tend to ha
So Wrong (Score:5, Funny)
Meaningless fluff (Score:4, Informative)
Of course, it has taken MS a while to catch up with the features Novell's NDIS directory offerings, but they are finally getting it right with 2003, and it is arguably the easiest to manage enterprise-scale LDAP implementation around. It isn't perfect mind you (we dig up plenty of bugs), but does seem to be the best thing going. Furthermore, Group Policy Objects are a seriously kick-butt feature. Besides, nothing else can properly issue authorization tokens (SID keychains) for Windows clients.
Now if only they would fix the huge heaping piles of Exchange integration bugs in Entourage...
(No, I'm not a MS apologist. They piss me off on a regular basis, both in terms of product quality, or lack thereof in many cases, and in terms of business practices; however, folks are barking up the wrong tree where these criticisms of AD are concerned. In a short time it has matured into a quality product.)
my experience with this configuration (Score:3, Informative)
All the key components exist, but none of them are well enough integrated to provide a convincing solution. Notably, Windows machines that log onto a domain use a microsofti[sz]ed version of the LDAP standard, CLDAP (Connectionless LDAP) which from my understanding OpenLDAP doesn't want to support because it's non-standard. This makes it unsuitable for a Linux-based domain controller but suitable for most other tasks. Also, SAMBA 3 doesn't support Kerberos as an authentication backend, and so password synchronisation and single signon is difficult in a mixed windows and *nix environment.
The up and coming SAMBA 4 is promising to fix these shortfalls, with an inbuilt implementation of CLDAP, support for Kerberos authentication, etc. Until this happens, SAMBA and LDAP aren't going to meet the requirements of most medium size businesses as a replacement domain controller.
The lesson I learnt from my research is that a Windows server currently makes more sense for a Windows environment for things other than relatively simple implementations than a Linux one.
Graham
Better articles can be found here (Score:2)
Linux LDAP Tutorial [yolinux.com];
Enjoy,
Linux sucks at this.... (Score:3, Insightful)
WindowsAD(Win2k3) + SQL Server + Exchange + .Net or VBS WMI = Extremely simple administration.
LDAP is like 5% of what AD provides. Remember that AD offers authentication as well as OS level authorization. I don't know of anything in the Linux world that offers that just by running through a wizard (ever set up AD?). You don't have to type anything if you don't want to, and for the programming heads, WMI/ADSI can do what isn't in the tools. There are also a lot of 3rd party products that can plug into AD.
True they bastardized the Kerberos implementation and you are locked into windows but without an enterprise wide OS level authentication/authorization Kerberos SSO model available you'll never convince a CIO to go linux with 20,000 desktops. IMO it's the reason that linux fails as a desktop. You simply can't sell it to corporations, even though it's free. Plus windows does much better to protect your system files than Linux, where any admin could use root to read any file without knowing it was done. In windows, you own your files and can restrict even domain admins access, unless they take ownership, but then they can't give it back.
You can linux vs windows all you want but Windows kicks the sh** out of linux when it comes to managing and administrating large environments. I also feel that windows has a much better security model and short of being the #1 target for hackers, has the potential to be much more secure than any Linux I've seen, short of SE Linux which does NOT make administration easier at ALL. In fact I'll say that Windows is too easy to administrate. It still takes thinking like an admin to do it well but the truth is you could train someone who worked at Jewel's to administrate AD in about two weeks (it happened at my old gig). After using linux(Gentoo) for 6 months now I've determined that linux is the best system to work on and Windows is the best system to work in.
Flame on.
Re:*Fans cheer* (Score:2)
Is that the pr0n-viewing Knoppix-based distribution?
Re:choir (Score:2, Funny)
Re:choir (Score:4, Insightful)
This is an elegant version of "If you don't like Windows, try LDAP on Linux!" It may well trigger something useful here, though. One can hope.
worse.. (Score:2)
A Book Plug (Score:2)
That is true (Score:3, Funny)
No but... (Score:2)
Re:Gimme a brake -- you're just figuring this out (Score:4, Funny)
That would be break
Duh. =)
Your are sew write! (Score:2)
Re:news? Stuff that matters? (Score:2)
now, someone please mod parent "-1 troll"
Re:news? Stuff that matters? (Score:2)
Now, someone please mod parent "-1 Clueless"
Re:news? Stuff that matters? (Score:2)
When linux catches up in terms of commercial software, maybe it can be used in work environments. Then we can easily manage our IDs.
Re:news? Stuff that matters? (Score:3, Informative)
Re:news? Stuff that matters? (Score:3, Insightful)
ID management is a problem computer science students like to work on, hence it works well in linux. Actually making an operating system that people find useful and usable is an uninteresting and difficult problem, hence little work is done in that direction.
Modding a comment down because you disagree is double plus ungood.
Re:OT Shuttle scrubbed (Score:2)
Kind of... it's called Update Services (Score:2, Informative)
Re:Where does it explain "how" it beat Windows? (Score:2)
Re:ID Management Problems - Cross Company (Score:3, Interesting)
Re:LDAP is what it is supposed to be. (Score:2)
*blink*
Re:EASIER?!? (Score:3, Interesting)
AD works. Sure, Windows 2000 without any service packs sucked, but they've pretty much nailed down most of the functionality bugs by now. And, it's not all that hard to use AD as a directory for all your systems, including Linux and Mac systems.
There's a lot of considerations for AD design and if you spend some quality time de