Recently I ran into issues with a couple of other authentication servers when I attempted to use them on LXCs on my VPS to avoid having to avoid having a whole bunch of password databases.
With Samba4 I ran the edge of the feature set and lost out on a third of the reasons I would use LDAP in the first place https://lists.samba.org/archive/samba/2015-May/191867.html by not having replication I can depend on due to the FSMO inability to seizing the Domain DNS Zone Master and Forest DNS Zone Master roles. I only have fail over if the wrong LDAP server doesn't fail. I tried OpenLDAP as well, but my problems can be described simply as a lack of a good way to deal with cn=config. The setup and maintenance got too costly to justify its use and the documents and the tools haven't caught up with the new configuration style. If I attempted to to migrate from Samba4 to Apache DS, will I run into anything game-breakingly weird that would make me want to try libpam-pgsql?
