Our company went for openldap because we weren't getting any money at the time.
Everything was running Debian on old workstations.
A few years later, we got money for hardware, and we've built around what we had and ended up with quite a cool setup. Pretty much all based on Debian stable and FOSS.
I haven't used AD before, so I can't say openldap will be better, however it pretty much does what we need it to.
We have e-mail routing based on ldap attributes with postfix, authentication and authorization for courier-imap and pop, apache http auth, intranet (drupal), bugzilla, Request Tracker, kbox, jabber...
Recently, we got some Cisco ASA's for vpn client usage, which can do authentication and authorization based on LDAP.
For the Windows machines, we've got a domain with samba 3 that uses openldap as backend. That works great. We just don't have group policy, which would be nice to have, but I've read here that it ought to work even with samba, so maybe we could look into that as well.
All of our ldap traffic is nicely secured with TLS and SSL, and the datase is replicated to a dozen LDAP slaves in all of our worldwide offices.
We also query the db for contact details from the mail client and our contact page on the intranet, as does our avaya phone system to find phone numbers and even some of the fax machines we've got.
(And address book/mobile phone sync)
We also don't have to worry about licensing, which is quite nice when you want to try something out with a testbed or want to do some redundancy.
Slashdot Mirror
Our company went for openldap because we weren't getting any money at the time. Everything was running Debian on old workstations. A few years later, we got money for hardware, and we've built around what we had and ended up with quite a cool setup. Pretty much all based on Debian stable and FOSS. I haven't used AD before, so I can't say openldap will be better, however it pretty much does what we need it to. We have e-mail routing based on ldap attributes with postfix, authentication and authorization for courier-imap and pop, apache http auth, intranet (drupal), bugzilla, Request Tracker, kbox, jabber... Recently, we got some Cisco ASA's for vpn client usage, which can do authentication and authorization based on LDAP. For the Windows machines, we've got a domain with samba 3 that uses openldap as backend. That works great. We just don't have group policy, which would be nice to have, but I've read here that it ought to work even with samba, so maybe we could look into that as well. All of our ldap traffic is nicely secured with TLS and SSL, and the datase is replicated to a dozen LDAP slaves in all of our worldwide offices. We also query the db for contact details from the mail client and our contact page on the intranet, as does our avaya phone system to find phone numbers and even some of the fax machines we've got. (And address book/mobile phone sync) We also don't have to worry about licensing, which is quite nice when you want to try something out with a testbed or want to do some redundancy.