And decided that it was cheaper and easier to just outsource it to Microsoft. Because doing it in today's environment - different work computers, backend servers, mobile devices, etc - is much more complicated than just managing permissions on a mainframe.
Distributed databases are a solved problem (besides maybe performance). Offloading account management to arbitrary databases too. Why everyone is using Microsoft is because then they have someone to blame, instead of needing to point at themselves.
And setting up things like rsync to replace Dropbox is also "fairly quick"!
The point isn't that, but the fact that, like a normal user, a normal business doesn't want to have to tinker with low-level components to get the functionality they want. They desire to pay and get a working piece of infrastructure with low hassle (though I get that saying Active Directory is low hassle is weird).
But a normal user isn't going to set up AD either. This will be done by sysadmins anyway, so stuff like being able to put the configuration into version control is actually useful for them. The "normal business" has lots of employee databases anyways and integration is actually a feature instead of needing to sync it with bespoke Microsoft internals.
So you can hook up all those internal employee databases to your newly created libpam-mysql and hook it all up to Slack or just use what Microsoft sells you.
I do not need to create it, it already exists. Yes, you can write your own PAM module, but in general you do not need to.
> just use what Microsoft sells you.
Which means now your employees need to manually sync the MS and your internal databases. Depends on how much your employees' time is worth to you. I mean a lot of companies do exactly that, but it is certainly not the cheaper option.
Also, using what MS sells is also illegal. Not that anyone cares, as the whole of Europe ignores that, but when you meet a civil servant on the wrong foot, your company is toast.
Active Directory is a very no-code tool and has a ton of documentation and certifications online, no college degree required. And it's built by paid devs with a verifiable software supply chain.
I just looked up libpam-mysql and it is not no-code at all. And it looks like an unpaid community project which allows contributions from anywhere. That's not a true replacement.
It is so simple that the whole documentation fits in the README. All you need to do is to tell it the table and column names of your existing database and off you go. If you have something more complicated you can also put arbitrary SQL statements in there.
So my configuration is this (I only redacted the company name, the rest is copied verbatim):
    users.host = /run/mysqld/mysqld.sock
    users.database = Company
    users.db_user = mail
    users.db_passwd = $(secret-tool lookup user mail@mysql)
    users.table = User
    users.user_column = username
    users.password_column = password
    users.password_crypt = Y
> and it is not no-code at all
Then tell me how I put your "no-code tool" into the VCS?
> no college degree required
Yeah, which nearly everyone has, but now you need to run through tons of certification programs instead. Which cost a lot of money, so you have the "Certified Rockstar Active Directory Consultant Adviser (TM)".
> it looks like an unpaid community project
> built by paid devs with a verifiable software supply chain.
Which is how most FOSS OSes work, which have way more of a verifiable supply chain than your proprietary closed-source OS from Microsoft.
> it is not no-code at all. no college degree required.
Which totally matters, because you want random Joe who hasn't even finished college to be able to mess around with the company authentication setup.