Comment by bubblethink

7 years ago

There is nothing hacked together in this. If you are not aware, freeipa (called idm downstream by RedHat) is a pretty full-featured solution which is more or less a replacement for AD if your clients are unix based. And RedHat will absolutely support your scale requirements. It is mostly that AD is a lock-in in itself due to Windows, and Duo will work better with AD, whereas idm/freeipa does not have a standalone 2fa product that would work with AD.

> more or less a replacement for AD if your clients are unix based

Few people are lucky (?) enough to support a purely unix environment. AD is not expensive when it comes to enterprise-scale projects and plenty of things simply require it for proper support, so I've never seen an enterprise that doesn't have it. I have seen enterprises with classic non-AD pre-Windows-2000 LDAP integrated alongside AD, but usually just as a legacy thing that's too hard to remove.

Considering the amount of resources available to help with AD vs. the amount you'd need to be able to support a 3rd party solution, it should be no surprise MS still has a stranglehold on this. What's more surprising is how badly they've fumbled the use of Azure AD, SSO, ADFS, etc. as real solutions compared to the cloud-first vendors like OneLogin, Duo, Centrify, etc.