Oracle Linux IdM

jkinninger, Aug 6 2019 — edited Aug 7 2019

I am researching various solutions that would allow us to eliminate our use of Centrify. We are using Centrify to bridge our Linux system to AD so we don't have local accounts but rather all users are created and stored in AD. With Centrify we also prevent all authenticated users and create specific AD groups which allow users assigned to these server AD groups to log in. Centrify gives us Group Policy, which we use to disable root login in the SSH config.

To replace Centrify I am looking at IdM, which is included with Oracle Linux. I was using this link - https://www.linuxsysadmins.com/step-by-step-installing-an-identity-management-server-in-linux-using-ipa/ to try and get things stood up, but I don't want to use the IdM DNS but rather keep our Microsoft DNS. Is that possible? I don't want to (actually I am a bit scared to install this) break anything in our AD environment. Does anyone have a good guide on installing IdM using Microsoft DNS, not the DNS with IdM? I was going to look at leveraging something like Ansible to maintain the SSH config that disables root login. I believe I can also disable authenticated users and then use the current AD groups and assign them to the servers in IdM to allow approved users to log in to the system. I thought I read where IdM can also keep and maintain sudo files for each server.

Is there anything that would work better, or would IdM fit the bill? Not needing anything extravagant, at least I don't think I need anything too great, to replace our current use of Centrify.

Any advice, tips, or helpful hints are greatly appreciated.
