We run a group of ~30 SLED12 SP1 workstations with a SLES12 SP1 server providing a NIS and NFS server. The NIS server handles passwords, groups, automount and netgroups.

Every user has their home directory on their own machine and this is exported via NFS to all the other machines so that all users can access their home directory from all machines.

I would like to retain all the NIS functionality but remove from NIS the password map for security reasons. Instead, I would like to authenticate users against our organisation's Active Directory. I would also like to be able to limit which AD users can login to the machines. Can anyone provide any advice or point me at any resources that would help?