I like what FreeIPA offers, but it appears privacyIDEA offers similar features. When combining privacyIDEA with LDAP, is there any reason to use FreeIPA over LDAP?
I’d be using privacyIDEA either way as it integrates into apps FreeIPA doesn’t.
Welcome to the privacyIDEA forum.
This question is probably not well suited here, since it is a generic question independent of privacyIDEA.
FreeIPA is simply more than LDAP. FreeIPA also gives you an LDAP directory. But it also gives you policies and other authentication protocols like Kerberos.
…Just as an idea to get you started…
I do run FreeIPA as a backend for privacyIDEA.
FreeIPA gives me AD-like functions for my Linux clients, so central users, authentication,
SSO, HBAC, DNS and sudo rules. I also like the integrated CA and certmonger to auto-renew certs.
Enrolled clients use sssd, so they cache credentials (e.g. for laptops, road warriors).
If you can live with LDAP only - fine (sssd might be useful too). But once you need
or like advanced functions from FreeIPA it’s easy to set up and use. Even if you
only like the user management UI (web or ipa command line) it might be better
than simple LDAP with phpldapadmin or something like that.
FreeIPA can handle HOTP, TOTP and YubiKeys, but no U2F or other token types.
How and why I documented for my FrOSCon talk this year:
It really depends what your requirements are and what kind of integration you need.
Other people might use Samba as a user store…