Authelia and Lldap: Authentication, SSO, User Management for Home Networks

While authelia is quite cool &quot;infra-as-code&quot; tool, since you have your entire configuration in yaml form, for those not willing to spend a few evenings configuring SSO, there is authentik [1] which features management UI.<p>Offers similar feature set, also self-hostable, but most importantly - simple to set-up. I&#x27;ve spent 8h on authelia deployment, where 30 minutes in authentik would be sufficient. But both are good options, pick what you prefer.<p>1: <a href="https:&#x2F;&#x2F;goauthentik.io&#x2F;" rel="nofollow">https:&#x2F;&#x2F;goauthentik.io&#x2F;</a>

Kanidm is another similar tool for user management I&#x27;ve been enjoying. It has a strong focus on safe defaults and supports exposing the users via LDAP ootb. It&#x27;s fairly simple to set up as well, but I feel like it sometimes expects the users to be fairly technical.

Bizarre coincidence. I just ran into lldap for the first time earlier today. I built it on Windows for fun. I&#x27;m new to Rust and it was surprisingly easy (and only needed very slight modification).<p>If I were going to support Windows clients on the hypothetical home network, however, I&#x27;d use Samba as a Domain Controller and use the LDAP server there. That gets you SSO to Windows clients too.

Those who do not want to choose e-mail as the notification method can take a look at ntfy.sh (<a href="https:&#x2F;&#x2F;github.com&#x2F;binwiederhier&#x2F;ntfy">https:&#x2F;&#x2F;github.com&#x2F;binwiederhier&#x2F;ntfy</a>). You can receive notifications via your smartphone (Android, iOS). A self-hosted server can also be used.

I&#x27;ve been using freeipa[1] in the past, it wasn&#x27;t specifically easy to setup, but is well designed, documented, and supported. Plus, it&#x27;s able to manage certificates. But to use more &quot;modern&quot; techs, like OpenID, Keycloak will be needed.<p>-- [1] <a href="https:&#x2F;&#x2F;www.freeipa.org&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.freeipa.org&#x2F;</a>

Getting this stack set up is not as complicated as this post makes it seem... LLDAP is great and the dev was very responsive when I had issues with some early builds.<p>Plenty of documentation around on getting Authelia set up, and connecting it to LLDAP is also pretty straightforward.

LLDAP dev here! I&#x27;m happy to see it on the front page :) I made LLDAP specifically because it was very complicated to get OpenLDAP up and running, and it was resource heavy for a handful of users on a self-hosted server. If you have any questions, AMA!

I want to set up something like this for my home network. The one thing missing that I&#x27;d also like is a way for users to log in to windows machines using these credentials. I understand that is also possible via Kerberos, but... Well, it takes some time to understand these things, me not doing a whole lot of sysadmin work ...<p>It also seems the author has a more recent post about using Samba as an AD controller, and that would be an alternative to this setup right here:<p><a href="https:&#x2F;&#x2F;helgeklein.com&#x2F;blog&#x2F;samba-active-directory-in-a-docker-container-installation-guide&#x2F;" rel="nofollow">https:&#x2F;&#x2F;helgeklein.com&#x2F;blog&#x2F;samba-active-directory-in-a-dock...</a>

I use authelia with nginx proxy manager talking to it for auth, works well. Haven&#x27;t externalized the users since I only have a few to deal with, but it&#x27;s cool having an entire suite of sites protected and provides http headers to grab the logged in user&#x27;s information.

This caught my eye and I started reading over it but my eyes glazed over after a couple of sections of setting up various docker containers in various zfs directory structures and editing toml configuration files and zzzz…<p>Here’s a hint: for 99.999% of potential users, including 99.9% of motivated, technically savvy users, if I need to know the directory structure of your software, then you already failed.<p>I appreciate that you went through all the pain and learning and effort to figure out how to set all this up AND went to the trouble to write down a how to guide.<p>I hope someone comes later and bundles it up into a script I can launch that will prompt me for the various config options and then set it all up for me.

ah, I wish I could sneak into something ready for traefik and docker swarm :)