this post was submitted on 18 Nov 2023

Hi,

I would like to deploy LDAP on a PVE container.

I tried the options below but failed to make an LDAP connection.

  • OpenLDAP (over Alpine container)
  • LLDAP (docker)

Mainly for Wi-Fi - Fortigate / RADIUS / Duo 2FA authentication use.

May I know of any good setup guide or a better replacement?

It would be good if it has a UI for account management.

Thanks

top 8 comments
[–] rrrmmmrrrmmm@alien.top 1 points 11 months ago

If you really only want LDAP, take LLDAP. But most people might want more and in that case Kanidm (LDAP, OAuth2, RADIUS and more) might be what you're looking for.

Both projects are modern, written in Rust and very lightweight.

[–] bsmk_@alien.top 1 points 1 year ago

Today I would set up Authentik and use their LDAP outpost, but most of my use is SAML so that makes sense for me.

[–] jasieqb@alien.top 1 points 1 year ago

If you have 2 GB for a separate VM then go with FreeIPA.

[–] adamshand@alien.top 1 points 1 year ago (2 children)

I managed OpenLDAP servers professionally for years. You don't want to use OpenLDAP unless it's something you want to learn about.

LLDAP (or GLAuth) does everything you need in a homelab context for a fraction of the effort, complexity, and hassle.

[–] mailliwal@alien.top 1 points 1 year ago

I have tried to install it on Alpine, but I don't know how to configure it (create user / domain, etc.)

[–] nibbl0r@alien.top 1 points 1 year ago (1 children)

I wish I read this post 2 years ago, before I set up my OpenLDAP m(

[–] adamshand@alien.top 1 points 1 year ago

You have climbed mountains and gained skills. Congratulations my friend, now bask in the soothing waters.

[–] ZaxLofful@alien.top 1 points 1 year ago

I use Authentik or Keycloak for this stuff, that way I'm not actually running LDAP; just a connector!