I have walked into a new client in need of a single sign-on solution. My background is geared towards AD, but I would rather implement a solution that makes the most sense for them. Their environment has 1 Windows 2003 R2 terminal server in a workgroup running QB, and 4 CentOS w/ Samba boxes for development and file server. Clients are a mixture of 10 Windows (XP/Vista) and 20 Macs; going forward, only Macs will be added as clients. I am trying to figure out if OpenLDAP or implementing AD makes the most sense. If OpenLDAP, would one CentOS server act as PDC and the other CentOS boxes sync via an LDAP config file?