Another +1 for FreeIPA. It will be very helpful if you're familiar with ssl, ldap, kerberos, osx authentication and account management in the case of needing to troubleshoot.
I've migrated a small office (~100 OSX clients) from OpenDirectory to FreeIPA without too many headaches -- accounts with expired passwords (users ignore the notifications...) and fine-tuning the account lockout and expiration policies were the only trouble. Here are my notes <http://distortion.io/~waz0wski/2014/11/osx-ipa-auth/> -- not much client work since our workstation user accounts were configured as "mobile" accounts with only local data (no sync) and had matching first.last account names between directories. Just a quick reconfig of auth on the workstation, reset user dir permissions, and logout/login.

> On Mar 23, 2015, at 6:24 PM, Brian J. Atkisson <br...@atkisson.net> wrote:
>
> +1 for FreeIPA or Red Hat IdM (if you wanted the supported version).
>
> If you don't want the full blown IPA product with Kerberos and PKI,
> you can use the 389 Directory Server. I've found it to have the best
> multi-master support of any of the options out there.
>
> Disclaimer: I do work with the 389 DS developers on occasion and
> run a large 389/RHDS cluster.
>
> Cheers,
> Brian
>
> On 3/23/15 7:39 AM, Jason Healy wrote:
>> Hello all,
>>
>> I’m looking to tap the collective wisdom for product selection
>> advice and also recommendations for professional services for our
>> environment. We’re looking to replace our current authentication
>> system. We’re a K-12 that’s all-Apple (about 500 client machines).
>> On the server side, we’re a mix of OS X, Linux, and BSDs.
>>
>> We currently run Apple’s OpenDirectory (OD). We use it as the
>> central auth for wireless (RADIUS), Apple-based logins (AFP,
>> FileMaker), web services (Apache LDAP auth), and server and
>> bound-client logins. Let’s assume for the moment (lest this thread
>> get out of control) that:
>>
>> - We want to move away from Apple for auth
>> - We do NOT want to move to Windows AD
>>
>> I’ve re-read the recent discussion from October 2014 about “AD for
>> Linux”, and it sounds like there are some good options out there.
>> I’ve got a short list of:
>>
>> - Samba 4
>> - FreeIPA
>> - Apache DS
>>
>> I’m looking for:
>>
>> 1) Any other projects I should take a look at for central auth.
>>
>> 2) Recommendations for companies that will consult and help us
>> design, build, deploy, and document a functioning central auth
>> system using one of these technologies.
>>
>> We love figuring stuff out for ourselves, but I’m behind on some
>> projects and this seems like something that we could get some help
>> on rather than mucking about on our own. I know of a couple
>> open-source consulting firms by reputation, but would love to hear
>> of others. We’re near Hartford CT / Springfield MA if we’re
>> talking about local shops.
>>
>> Thanks in advance for any advice,
>>
>> Jason
>> _______________________________________________
>> Tech mailing list
>> Tech@lists.lopsa.org
>> https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
>> This list provided by the League of Professional System Administrators
>> http://lopsa.org/