Although Ansible performs a fine job when it comes to managing user accounts across an estate of servers, the best practice in an enterprise is to make use of a centralized directory system. A centralized directory is able to perform a number of tasks that Ansible cannot: for example, enforcing password security criteria (such as length and character types), password expiry, and account lockout when too many incorrect passwords are tried. As such, it is highly recommended that such a system be used in the enterprise.
Indeed, many enterprises already have such a system in place, two common ones being FreeIPA and Microsoft Active Directory (AD). In the following sections, we will explore the integration of these two systems with your Linux servers.