This is a problem solved for decades by LDAP. There are many, many management and audit frontends for LDAP.
LDAP is the Linux equivalent of a Windows domain controller, but it can be used by a wide variety of other systems for authentication and authorisation.
Linux itself can use it too.
LDAP is the Linux equivalent of a Windows domain controller
I assume you meant "Active Directory". AD is based on a heavily modified LDAP schema, but they are interoperable. AD adds a LOT of extra functionality on top of the auth part of it, however.
Linux itself can use it too
That's why I suggested it.
There is a section on Identity Management in the awesome sysadmin repo.
https://github.com/awesome-foss/awesome-sysadmin?tab=readme-ov-file#identity-management
But if they are using O365 or Google Workspace, they both come with identity management.
- Use an Identity Provider (IdP)*. Other people have mentioned LDAP, which can play this role.
- Use groups within the IdP to declare who has what privileges.
- Apps using the IdP for auth can read the groups and allow/deny permissions based on groups.
*Or Identity and Access Management if you are in the cloud, I guess.
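The three steps above (IdP asserts the identity, groups are declared in the IdP, the app allows or denies based on those groups) as an added example; this is not code from the original post or from any of the projects mentioned in the thread. It assumes a hypothetical IdP that issues an HS256-signed ID token carrying a `groups` claim, a constructed shared secret, and made-up issuer, audience and group names. A real OIDC relying party verifies RS256/ES256 signatures against the IdP's published JWKS keys, but the checks that follow the signature (algorithm pinning, issuer, audience, expiry, deny-by-default group-to-permission mapping) are the same.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values for the example only; a real app gets these from config
# and verifies asymmetric signatures using the IdP's JWKS, not a shared secret.
SHARED_SECRET = b"example-only-not-a-real-secret"
EXPECTED_ISSUER = "https://idp.example.internal"   # hypothetical IdP
EXPECTED_AUDIENCE = "wiki-app"                      # this app's client id

# App-side policy: which IdP group grants which permissions.
# Anything not listed here is denied by default.
GROUP_PERMISSIONS = {
    "wiki-admins": {"read", "write", "admin"},
    "wiki-editors": {"read", "write"},
    "staff": {"read"},
}


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    # JWTs strip base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_token(claims: dict) -> str:
    """Stand-in for the IdP: build an HS256 JWT over the given claims."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}".encode()
    sig = hmac.new(SHARED_SECRET, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_token(token: str, now=None) -> dict:
    """Check algorithm, signature, issuer, audience and expiry; return the claims.

    Raises ValueError on any failure so callers cannot use unverified claims.
    """
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts

    # Pin the algorithm: never let the token choose (defeats alg=none and
    # key-confusion tricks).
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")

    expected_sig = hmac.new(
        SHARED_SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256
    ).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")

    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != EXPECTED_ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if aud != EXPECTED_AUDIENCE and not (isinstance(aud, list) and EXPECTED_AUDIENCE in aud):
        raise ValueError("wrong audience")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims


def permissions_for(claims: dict) -> set:
    """Union of permissions granted by the user's IdP groups (unknown groups grant nothing)."""
    perms = set()
    for group in claims.get("groups", []):
        perms |= GROUP_PERMISSIONS.get(group, set())
    return perms


def is_allowed(token: str, action: str, now=None) -> bool:
    """Authorization decision: a token that fails verification grants nothing."""
    try:
        claims = verify_token(token, now)
    except ValueError:
        return False
    return action in permissions_for(claims)


if __name__ == "__main__":
    now = time.time()
    token = mint_token({
        "iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCE, "sub": "alice",
        "groups": ["wiki-editors", "staff"], "exp": now + 600,
    })
    for action in ("read", "write", "admin"):
        print(action, "->", "allow" if is_allowed(token, action, now) else "deny")
```

The point a practitioner wants to see is that group membership is only trusted after the token's signature, issuer, audience and expiry have been checked, and that the app maps groups to permissions itself rather than trusting arbitrary claim values.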
For open source solutions, I would recommend:
- Authentik (what I use)
- Kanidm (doesn't have a web UI)
- Nubus by Univention
These three solutions all have invites and LDAP, and can act as OAuth providers (OAuth is single sign-on), which are the features I want. They are also integrated, including it all in the one app.
There is also LLDAP, which is a web UI for LDAP, and then you could use a service that connects to that, like Authelia or Keycloak, to add OAuth on top.
Second post, but also check out midPoint by Evolveum: https://docs.evolveum.com/iam/
It is a modern web frontend on top of Active Directory.