by brmgb 2208 days ago
> I mean once I understood how to configure it...

AD is a misnomer. It's not simply a directory. It not only does what OpenLDAP does but also what Kerberos does.

OpenLDAP is awful to configure, by the way. The documentation is terrible, sometimes lacking important pieces of information. I remember TLS being a pain to set up. Actually, I think everything having to do with authentication (PAM, OpenLDAP, Kerberos, nss) on Linux is a pain to set up.

By comparison, AD is fairly nice.

1 comments

OpenLDAP is just a Lego piece of an actual equivalent; you would need a schema and a ton of configuration to use it as a user and authz directory. A better equivalent to AD would be FreeIPA, which is 389ds (LDAP server, similar to OpenLDAP) plus Kerberos plus OS integration and admin tools. However, the config and install part that AD has would still be separate in something like Puppet.