Note to self: explore FreeIPA. Someone on Serverfault suggested it and said it was what AD is for Windows. If it is, it would relieve me of LDAP hell. Too long for this blog post, but I spent about a week (or more) full-time to get an LDAP setup working, with all security measures in place. It involved diving into source code, discovering and reporting Ubuntu documentation bugs, etc. An experience I don’t care to repeat.