Even though it is possible to run an AD with samba, it requires more than just clickety click on a bunch of boxes and MS AD is quite a large very functional product.

It is absolutely wank compared to eDirectory but I'll be whistling in the wind on that one!

eDir is what AD should have been.

eDir is (well, was?) awful at any kind of scale, especially if you have lots of different compliance policies.

Is there an OSS implementation?

[0] https://en.wikipedia.org/wiki/List_of_LDAP_software

[1] https://en.wikipedia.org/wiki/Directory_service#LDAP_impleme...

I’ve been meaning to get around to trying Samba’s AD emulation for several years now.

AD has been very solid in my experience. Samba has big shoes to fill in my mind. Is it really workable as an AD replacement for a real production AD environment today?

Yes it is workable but you still need MS tools to configure things like group policy.

I don't think so. Start with Azure AD if you want the Microsoft system.

Actually, you can use Azure AD even without any Windows systems.https://canonical.com/blog/new-active-directory-integration-.... But licensing is still going to cost you.

Having said that, as a former directory engineer (iPlanet/Sun/Oracle/ForgeRock) I don't think any of the Azure AD workarounds, including samba's (who really needs CIFS in a world where files can be served up over https with secure OAuth?), are worth all the extra effort. If you need an enterprise directory, you should deploy one. The good news is that both Ubuntu and Red Hat now support Azure AD, so you're not stuck with half measures.

Of course not every shop _needs_ a system/network directory, and both those Linux ecosystems support a range of user and system management options that can do the job. Even if you finally find yourself in need of something more, AWS and GCP offer competitive identity services that can work just as well with non-legacy systems as Azure AD (so long as you don't have any Microsoft PaaS or SaaS dependencies).