Real/Easy Active Directory Integration For Large/Complex Domains

Right now, with RHEL 5/6, if one wants to do AD-based user management, one has several options:

  • NIS-gateway mode
  • Kerberos-only
  • LDAP-only
  • winbind
  • Third party (Centrify, LikeWise, etc.)

NIS gateway mode sucks: you have to modify your AD servers to do it, and it's cleartext anyway. Pretty much, no one should use this.

Both the straight-kerberos and straight-LDAP don't give you the level of AD integration that either Winbind or third-party methods do.

Winbind is sufficient for small, simple AD environments, but not so good for an environment such as the one I work in, where there are nearly 100,000 user accounts in AD and many more other types of objects, plus cross-realm trusts and other complexities.

Third-party tools are good for these kinds of large and complex environments ... right up to the point where you want to turn on SELinux. Then they pretty much completely break, leaving you with the choice of having either full AD integration or SELinux enabled.

My assumption is, were Red Hat to release an AD-integration tool for RHEL 7 that was as scalable as Centrify or LikeWise, they'd do so in a way that was SELinux compatible.
