The only sense it makes is that M$ hasn’t followed the spec, and so things done in office display fine in say libreOffice, but not the other way around. So if your company is willing to transition, but everyone you deal with outside the company is still on Office, there’s a bit of a communication issue. That’s M$'s biggest strength, homogenous work environments.
It is not intended to be used for machine-to-machine communication.
YAML is not supported by a lot of enterprise software (example: Azure pipelines supports it but Power Automate does not). JSON, XML, CSV, or failing that Text are the safe bets. We use a few options for reading or building presentation layers quickly. Ultimately the idea is to move data around in a way that is friendly to our current and future applications.
It’s absolutely trivial to convert either format to json if necessary. The real killer for me with json is the lack of comments. Human-maintained files absolutely need comments.
For Linux user management you can just use an LDAP solution like FreeIPA. You can even tailor sudoer rules based on security groups, so like you can allow someone to reboot the server but not actually make configuration changes to system config files and what-not. It’ll also handle CA and PKI with smart card support and of course DNS. It has a web interface as well.
I’ve done workstation maintenance in a previous job. Every part of the Linux centralized management was worse than Windows. We did it to support our coworker’s wishes, but SSSD constantly shits the bed, and having to code (config management) to write some pretty simple rules like default printers is super annoying compared to the Active Directory built ins.
I don’t know, I like using Fleet Commander with FreeIPA (where it stores the profile). You just spin up the template VM for whatever like-clients on the network you want to make default profiles for and make the changes, shut it down, checkbox the changes (the configurations and stuff) that you approve and let it apply the profiles across the network. Easier than depending on Puppet or Ansible playbooks IMO.
I have had issues with SSSD as well though and it had to do with Kerberos tickets but I can’t remember what I did to fix it. We’d have to manually use kinit on each machine when it’d basically fall off the realm. I want to say it was a DNS issue but it was so long ago, I just don’t remember.
We used to use Centrify for Linux and Solaris and it was easy using Access Manager to basically handle AD users and computers with Active Directory and had some GPO support (you could push config writes with GPOs for example and organize it all via OUs for example) but it would get a little wonky between trusts in the forest sometimes (in regards to zone management in Centrify) and they kept getting more expensive. Maybe they’ve fixed that stuff now but it was really simple to use and you could basically manage a lot through the AD and create group profiles in the Access Manager. I think the last straw was wanting to force us to license the entire suite regardless of whether we were using it or not. Personally, I never liked it because it wouldn’t use SSSD or kclient/nsswitch and if some service tried to join the realm/domain, it’d join using the same computer accounts and basically break the account since Centrify used its own client, so you’d specifically need to join the computer accounts via Centrify as a different name. It wasn’t detrimental or anything – just annoying that it was a problem at all. Also, sometimes the user cache database saved in specific users’ appdata that use Access Manager would corrupt from time to time and you’d need to manually delete it to use Access Manager. I’d hope they fixed that by now too though.
All and all, I’m not saying Active Directory isn’t an excellent product because it is and I’m not saying that there is a 1:1 solution for Linux but I’m saying it that in my experience it isn’t terrible either with FreeIPA and products you can use with it. I definitely hated other 389 solutions prior to FreeIPA though.
The only sense it makes is that M$ hasn’t followed the spec, and so things done in office display fine in say libreOffice, but not the other way around. So if your company is willing to transition, but everyone you deal with outside the company is still on Office, there’s a bit of a communication issue. That’s M$'s biggest strength, homogenous work environments.
That’s why my business only uses pure, crisp .txt files. If I can’t open it in notepad, I don’t want it!
I have unironically been preaching the powers of text and JSON, and have some converts. Universal compatibility is great.
Json is a garbage format for anything that’s meant to ever be touched by a human. At least use yaml or json5.
In the first paragraph of JSON5’s site:
YAML is not supported by a lot of enterprise software (example: Azure pipelines supports it but Power Automate does not). JSON, XML, CSV, or failing that Text are the safe bets. We use a few options for reading or building presentation layers quickly. Ultimately the idea is to move data around in a way that is friendly to our current and future applications.
It’s absolutely trivial to convert either format to json if necessary. The real killer for me with json is the lack of comments. Human-maintained files absolutely need comments.
Fuck it! I’m in!
There shouldn’t even be word processor documents between companies. PDF is the file type for maintaining consistency of page formatting!
Should be and is in fact? Two veeeerrrry different things
Microsoft’s biggest strength is the Active Directory. Linux user and computer management is a huge PITA.
For Linux user management you can just use an LDAP solution like FreeIPA. You can even tailor sudoer rules based on security groups, so like you can allow someone to reboot the server but not actually make configuration changes to system config files and what-not. It’ll also handle CA and PKI with smart card support and of course DNS. It has a web interface as well.
I’ve done workstation maintenance in a previous job. Every part of the Linux centralized management was worse than Windows. We did it to support our coworker’s wishes, but SSSD constantly shits the bed, and having to code (config management) to write some pretty simple rules like default printers is super annoying compared to the Active Directory built ins.
I don’t know, I like using Fleet Commander with FreeIPA (where it stores the profile). You just spin up the template VM for whatever like-clients on the network you want to make default profiles for and make the changes, shut it down, checkbox the changes (the configurations and stuff) that you approve and let it apply the profiles across the network. Easier than depending on Puppet or Ansible playbooks IMO.
I have had issues with SSSD as well though and it had to do with Kerberos tickets but I can’t remember what I did to fix it. We’d have to manually use kinit on each machine when it’d basically fall off the realm. I want to say it was a DNS issue but it was so long ago, I just don’t remember.
We used to use Centrify for Linux and Solaris and it was easy using Access Manager to basically handle AD users and computers with Active Directory and had some GPO support (you could push config writes with GPOs for example and organize it all via OUs for example) but it would get a little wonky between trusts in the forest sometimes (in regards to zone management in Centrify) and they kept getting more expensive. Maybe they’ve fixed that stuff now but it was really simple to use and you could basically manage a lot through the AD and create group profiles in the Access Manager. I think the last straw was wanting to force us to license the entire suite regardless of whether we were using it or not. Personally, I never liked it because it wouldn’t use SSSD or kclient/nsswitch and if some service tried to join the realm/domain, it’d join using the same computer accounts and basically break the account since Centrify used its own client, so you’d specifically need to join the computer accounts via Centrify as a different name. It wasn’t detrimental or anything – just annoying that it was a problem at all. Also, sometimes the user cache database saved in specific users’ appdata that use Access Manager would corrupt from time to time and you’d need to manually delete it to use Access Manager. I’d hope they fixed that by now too though.
All and all, I’m not saying Active Directory isn’t an excellent product because it is and I’m not saying that there is a 1:1 solution for Linux but I’m saying it that in my experience it isn’t terrible either with FreeIPA and products you can use with it. I definitely hated other 389 solutions prior to FreeIPA though.
You spelt monopoly wrong.