LDAP
Well, if Zorin ever gets their product out, it is Zorin Grid. Until then, I see openSUSE has AD support: https://doc.opensuse.org/documentation/leap/security/html/book-security/cha-security-ad.html
As for clients, there is Leap/Tumbleweed AutoYaST to capture an install setup and replicate it to new installs. Or if you choose MicroOS, it’s a config file you use at first boot to set user, apps, settings, etc.
But I’m hoping Grid will become an all in one management system Zorin promises
What do you mean by large? For up to a few hundred, the typical orchestration tools like Puppet, Ansible, etc. are likely enough. Plus you need monitoring. The old school system was Nagios. IDK what the cool kids use now.
For 1000+ servers you probably have to know what you’re doing, and you’ll have gotten the knowledge from running smaller clusters. I get the impression that this is the level where Kubernetes starts to be worth the complexity, but I haven’t dealt with it myself.
Puppet / Foreman / Ansible for managing servers, and probably for workstations too.
Checkmk / Nagios / Zabbix for monitoring.
FreeIPA for user management.
FreeIPA (IdM on RHEL clones) is similar in some functionality (you join the domain, you allow certain users/groups to run certain commands [like controlling sudoers], etc.) and it’s also a CA.
For configuration management I lean towards Ansible (Puppet, Salt, Chef I think all use a Ruby syntax, Ansible is YAML), and for deployment, well, Terraform, Kickstart and cloud-init - without knowing your environment it’s difficult to be more precise. There’s also Pyinfra, which I’ve been meaning to give a whirl but have not had a chance.
You’ve also got Keycloak if you need OIDC or SAML functionality (for SSO).

