Windows' "ActiveDirectory" feature basically is LDAP. The operating system has excellent and thorough support for LDAP ... as do most OSes (including Linux). You don't have to use a particular file-system et al in order to get its goodness.
LDAP can be used for authentication, authorization, or both. Linux and Windows can be configured to respect the same sets of rules, to achieve a "single sign-on" effect.
Also, all operating systems have to consider the reality that different companies use LDAP in different ways: the LDAP-directory structure might not be identical, so the OS functions must adapt to ... therefore, be adaptable to ... whatever legacy arrangement is actually there. "If your key-card access system in 50 buildings 'got there first, and years ago,'" then other LDAP uses might be obliged to adapt to it ... and, they can do so. Each OS might have a different way to do it, but all can do it.
I strongly recommend the use of management systems such as LDAP and Kerberos ... even in a small-office setting. (And, behind the scenes, well-concealed by GUIs, you'll often find this sort of thing is going on already.)
Last edited by sundialsvcs; 09-20-2015 at 03:51 PM.
|