Self-host user groups and access management

$$9584
https://feddit.org/u/ratatouille posted on Mar 9, 2026 19:29

While speaking with a colleague who is working in a small company, he told me that they lost track of user rights management. They had an Excel table where they tracked all user groups and special rights users in the company have. But depending on some changes in the company structure, they got problems.

Is there any self-hosted software to manage user groups, teams and user rights in a modern UI? It should also be able to set data owners and so keep track of non-Active-Directory data.

https://feddit.org/post/26871125
$$9820
https://lemmy.world/u/non_burglar posted on Mar 10, 2026 02:20
In reply to: https://feddit.org/post/26871125

This is a problem solved for decades by LDAP. There are many, many management and audit frontends for LDAP.

https://lemmy.world/comment/22573232
$$9959
https://lemmy.horwood.cloud/u/mhzawadi posted on Mar 10, 2026 07:31
In reply to: https://lemmy.world/comment/22573232

LDAP is the Linux equivalent of a Windows domain controller, but it can be used by a wide variety of other systems for authentication and authorisation.

Linux itself can use it too.

https://lemmy.horwood.cloud/comment/2012932
$$9966
https://lemmy.world/u/slazer2au posted on Mar 10, 2026 07:48
In reply to: https://feddit.org/post/26871125

There is a section on Identity Management in the awesome sysadmin repo.

https://github.com/awesome-foss/awesome-sysadmin?tab=readme-ov-file#identity-management

But if they are using O365 or Google Workspace they both come with Identity Management

https://lemmy.world/comment/22576318
$$10071
https://lemmy.world/u/non_burglar posted on Mar 10, 2026 13:00
In reply to: https://lemmy.horwood.cloud/comment/2012932

> LDAP is the Linux equivalent of a Windows domain controller

I assume you meant “Active Directory”. AD is based on a heavily modified LDAP schema, but they are interoperable. AD adds a LOT of extra functionality on top of the auth part of it, however.

> Linux itself can use it too

That’s why I suggested it.

https://lemmy.world/comment/22579972
$$10072
https://lemmy.horwood.cloud/u/mhzawadi posted on Mar 10, 2026 13:02
In reply to: https://lemmy.world/comment/22579972

It was more for anyone who doesn't know LDAP.

https://lemmy.horwood.cloud/comment/2013508
$$10592
https://programming.dev/u/moonpiedumplings posted on Mar 11, 2026 19:32
In reply to: https://feddit.org/post/26871125
  1. Use an Identity Provider (IDP)*. Other people have mentioned LDAP, which can play this role.

  2. Use groups within the IDP to declare who has what privileges.

  3. Apps using the IDP for auth can read the groups and allow/deny permissions based on groups.

*Or Identity and Access Management if you are in the cloud ig.

For open source solutions, I would recommend:

  • Authentik (what I use)
  • Kanidm (doesn’t have a web UI)
  • Nubus by Univention

These three solutions all have invites, LDAP, and can act as OAuth providers (OAuth is single sign-on), which are the features I want. They are also integrated, including it all in the one app.

There is also LLDAP, which is a web UI for LDAP, and then you could use a service that connects to that, like Authelia or Keycloak, to add OAuth on top.

https://programming.dev/comment/22663082
Reply
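Added example, not part of the thread or of any project named in it: once groups in the directory are the record of who has which rights, a hand-kept rights sheet like the one in the original question can be reconciled against an LDIF export of the group entries. The sample LDIF, the CSV columns `user` and `group`, and the function names are constructed for illustration; DNs with escaped commas are not handled.

```python
import base64
import csv
import io

# Constructed sample: LDIF export of the directory's group entries.
LDIF = """\
dn: cn=finance,ou=groups,dc=example,dc=org
cn: finance
member: uid=alice,ou=people,dc=example,dc=org

dn: cn=hr,ou=groups,dc=example,dc=org
cn: hr
member: uid=carol,ou=people,dc=example,
 dc=org
member:: dWlkPWRhdmUsb3U9cGVvcGxlLGRjPWV4YW1wbGUsZGM9b3Jn
"""

# Constructed sample: the hand-maintained rights sheet, exported as CSV.
SHEET = "user,group\nalice,finance\nbob,hr\ncarol,hr\n"


def ldif_memberships(text):
    """Return {(uid, group)} from LDIF, handling folded and base64 values."""
    pairs = set()
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold lines (RFC 2849)
    for entry in text.split("\n\n"):  # entries are separated by blank lines
        group, members = None, []
        for line in entry.splitlines():
            attr, _, value = line.partition(":")
            if attr.lower() not in ("cn", "member"):
                continue
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            if attr.lower() == "cn":
                group = value.strip().lower()
            else:
                # Assumption: the user id is the first RDN value of the member DN.
                rdn = value.strip().split(",", 1)[0]
                members.append(rdn.partition("=")[2].lower())
        pairs.update((uid, group) for uid in members if uid and group)
    return pairs


def reconcile(sheet_csv, ldif_text):
    """Compare documented rights with actual directory membership."""
    documented = {(r["user"].lower(), r["group"].lower())
                  for r in csv.DictReader(io.StringIO(sheet_csv))}
    actual = ldif_memberships(ldif_text)
    return {"undocumented": sorted(actual - documented),  # in directory, not on sheet
            "stale": sorted(documented - actual)}  # on sheet, not in directory
```

Calling `reconcile(SHEET, LDIF)` on the constructed data reports `dave` in `hr` as undocumented and `bob` in `hr` as stale.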
$$10600
https://programming.dev/u/moonpiedumplings posted on Mar 11, 2026 20:06
In reply to: https://feddit.org/post/26871125

Second post, but also check out midPoint by Evolveum: https://docs.evolveum.com/iam/

It is a modern web frontend on top of Active Directory.

https://programming.dev/comment/22663661