I have an implementation question regarding LDAP and AD.
I am looking for advice on a path forward for managing user accounts across about 500 Unix systems, which are a mixture of RHEL 5 and 6 and Solaris 10 and 11; there is also some OEL, which is basically RHEL 5, and some SUSE sprinkled in. Currently we are using local accounts, and I would like to move to a more streamlined/centralized method.
I need a solution that has a support package tied to it, as it's for a government installation and that is a mandatory requirement.
I was thinking about using Red Hat Directory Server, which is basically 389-DS: have the AD server do a one-way sync to the DS, then have all the Unix systems point to the DS. However, I read that in some instances you can have systems point directly to AD servers and get their authentication directly from AD, so you don't need an intermediate LDAP server, but I am not sure it will work for all systems/OSes. For example, I read that you could use RHEL's IdM (Identity Manager) on RHEL 6, but I don't think this will work on RHEL 5.
I also thought about using LDAP for sudoers file management, as well as storing ssh public keys.
I installed 389-DS to do some testing, and I am also looking at FreeIPA because it provides Kerberos as well as Samba.
Any advice or experience anyone would like to share would be greatly appreciated.
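The post mentions keeping sudoers rules and SSH public keys in LDAP. The following is an added example (not from the original post or from any of the products it names) showing what those directory entries look like and how sudo's LDAP backend resolves them: sudoRole entries are matched on sudoUser/sudoHost/sudoCommand, evaluated in ascending sudoOrder, and the last match (highest sudoOrder) wins, as in a sudoers file; a sudoCommand beginning with `!` is an explicit deny. The LDIF, the group map and the key material are all constructed placeholders; netgroups (`+name`) and base64 (`::`) LDIF values are not handled. This does not replace sudo's own LDAP client or sshd's AuthorizedKeysCommand; it is a way to dry-run an export of the rules before pointing 500 hosts at them, since last-match ordering is where surprises tend to hide.

```python
"""Evaluate sudoRole and ldapPublicKey entries from an LDIF export the way
sudo's LDAP backend and an sshd AuthorizedKeysCommand would (simplified)."""
from fnmatch import fnmatchcase

# Constructed sample export, not real directory data. Attribute names follow
# the sudoers.ldap schema (sudoRole, sudoUser, sudoHost, sudoCommand,
# sudoOrder) and the openssh-lpk schema (ldapPublicKey, sshPublicKey).
# The key below is a placeholder, not a usable key.
SAMPLE_LDIF = """\
dn: cn=dba_restart,ou=SUDOers,dc=example,dc=gov
objectClass: sudoRole
cn: dba_restart
sudoUser: %dba
sudoHost: db*.example.gov
sudoCommand: /sbin/service oracle restart
sudoOrder: 10

dn: cn=ops_all,ou=SUDOers,dc=example,dc=gov
objectClass: sudoRole
cn: ops_all
sudoUser: alice
sudoHost: ALL
sudoCommand: ALL
sudoOrder: 20

dn: cn=alice_no_stop,ou=SUDOers,dc=example,dc=gov
objectClass: sudoRole
cn: alice_no_stop
sudoUser: alice
sudoHost: ALL
sudoCommand: !/sbin/service oracle stop
sudoOrder: 30

dn: uid=alice,ou=People,dc=example,dc=gov
objectClass: posixAccount
objectClass: ldapPublicKey
uid: alice
sshPublicKey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEY alice@bastion
"""

# Group membership normally comes from posixGroup entries or NSS; this
# constructed map stands in for it.
GROUPS = {"dba": {"bob"}}


def parse_ldif(text):
    """Entries as dict attr -> [values]; folded lines joined, '::' not decoded."""
    entries, cur, last = [], {}, None
    for raw in text.splitlines():
        if raw.startswith(" ") and last:          # folded continuation line
            cur[last][-1] += raw[1:]
        elif not raw.strip():                     # blank line ends an entry
            if cur:
                entries.append(cur)
            cur, last = {}, None
        else:
            attr, _, value = raw.partition(":")
            cur.setdefault(attr, []).append(value.strip())
            last = attr
    if cur:
        entries.append(cur)
    return entries


def _user_matches(spec, user):
    if spec == "ALL":
        return True
    if spec.startswith("%"):                      # %group
        return user in GROUPS.get(spec[1:], set())
    if spec.startswith("+"):                      # +netgroup: not modelled
        return False
    return spec == user


def _host_matches(spec, host):
    return spec == "ALL" or fnmatchcase(host, spec)   # sudo allows wildcards


def sudo_decision(entries, user, host, command):
    """Return ('allow' | 'deny', cn of the winning entry or None).
    Roles are walked in ascending sudoOrder so the last match wins, as in
    sudoers(5); cn=defaults (global sudoOption values only) is skipped."""
    roles = [e for e in entries if "sudoRole" in e.get("objectClass", [])
             and e.get("cn", [""])[0] != "defaults"]
    roles.sort(key=lambda e: float(e.get("sudoOrder", ["0"])[0]))
    verdict, winner = "deny", None
    for role in roles:
        if not any(_user_matches(u, user) for u in role.get("sudoUser", [])):
            continue
        if not any(_host_matches(h, host) for h in role.get("sudoHost", [])):
            continue
        for spec in role.get("sudoCommand", []):
            negated = spec.startswith("!")        # '!cmd' is an explicit deny
            if spec.lstrip("!") in ("ALL", command):
                verdict, winner = ("deny" if negated else "allow"), role["cn"][0]
    return verdict, winner


def ssh_keys_for(entries, uid):
    """Keys an AuthorizedKeysCommand would print for uid (ldapPublicKey)."""
    for e in entries:
        if e.get("uid") == [uid] and "ldapPublicKey" in e.get("objectClass", []):
            return e.get("sshPublicKey", [])
    return []


ENTRIES = parse_ldif(SAMPLE_LDIF)
```

With these entries, `sudo_decision(ENTRIES, "alice", "web01.example.gov", "/sbin/service oracle stop")` is denied by `alice_no_stop` even though `ops_all` grants her ALL, because 30 outranks 20; drop the sudoOrder attributes and the outcome becomes undefined, which is the caveat to check in any export before rollout.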