I do run FreeIPA as a backend for PrivacyIdea.
FreeIPA gives me AD-like functions for my Linux clients, so central users, authentication,
SSO, HBAC, DNS and sudo rules. I also like the integrated CA and certmonger to auto-renew certs.
Enrolled clients use sssd, so they cache credentials (e.g. for laptops, road warriors).
If you can live with LDAP only - fine (sssd might be useful too). But once you need
or like advanced functions from FreeIPA, it’s easy to set up and use. Even if you
only like the user management UI (web or ipa command line) it might be better
than simple LDAP with phpldapadmin or something like that.
FreeIPA can handle HOTP, TOTP and YubiKeys, but no U2F or other token types.
How and why I documented for my FrOSCon talk this year:
It really depends what your requirements are and what kind of integration you need.
Other people might use Samba as a user store…