Re: Useful in the installer
On Sun, Aug 24, 2025 at 2:49 PM Darac Marjal <mailinglist@darac.org.uk> wrote:
> The "enterprise" solution here is FreeIPA. FreeIPA works as a central server for one or more "domains" to which users belong. After setting up FreeIPA, an administrator would join new computers (by which we might mean physically new, or just logically new because the OS has been reinstalled on a an existing device) to the domain. Once joined to a domain, the computer knows about all the users in that domain and - barring extra restrictions - will allow those users to log in.
Though many distros have dropped LDAP,
alas, not uncommonly to push their own
commercial non-free "solutions",
Debian still very much well provides LDAP.
Not as trivial to initially set up and configure,
but once in place, pretty easy to well maintain and manage.
Oh, and it's often much more flexible and capable than the
non-free commercial "solutions", though again, may not be
as easy, and certainly not trivial, to configure, in most
typical real-world situations.
But LDAP or the like is generally only going to be useful
if one has the suitable system(s) to run as the server(s)
for such, and that generally needs be quite reliable,
as then most of the authentication for everything else
depends upon that ... though caching/replication can
sometimes well reduce the stringent availability requirements.
Reply to: