Search self-host user groups and access management
from ratatouille@feddit.org to selfhosted@lemmy.world on 09 Mar 12:29
https://feddit.org/post/26871125

While speaking with a colleague who works at a small company, he told me that they lost track of user rights management. They had an Excel table where they tracked all user groups and special-rights users in the company. But due to some changes in the company structure, they ran into problems.

Is there any self-hosting software to manage user groups, teams and user rights in a modern UI? It should also be able to set a data owner and so keep track of non-Active-Directory data.

!selfhost@lemmy.ml

#selfhosted


non_burglar@lemmy.world on 09 Mar 19:20

This is a problem solved for decades by LDAP. There are many, many management and audit frontends for LDAP.

mhzawadi@lemmy.horwood.cloud on 10 Mar 00:31

LDAP is the Linux equivalent of a Windows domain controller, but it can be used by a wide variety of other systems for authentication and authorisation.

Linux itself can use it too.

non_burglar@lemmy.world on 10 Mar 06:00

LDAP is the Linux equivalent of a Windows domain controller

I assume you meant “Active Directory”. AD is based on a heavily modified LDAP schema, but they are interoperable. AD adds a LOT of extra functionality on top of the auth part of it, however.

Linux itself can use it too

That’s why I suggested it.

mhzawadi@lemmy.horwood.cloud on 10 Mar 06:02

It was more for anyone who doesn’t know LDAP.

slazer2au@lemmy.world on 10 Mar 00:48

There is a section on Identity Management in the awesome sysadmin repo.

github.com/awesome-foss/awesome-sysadmin?tab=read…

But if they are using O365 or Google Workspace, they both come with Identity Management.

moonpiedumplings@programming.dev on 11 Mar 12:32

  1. Use an Identity Provider (IDP)*. Other people have mentioned LDAP, which can play this role.

  2. Use groups within the IDP to declare who has what privileges.

  3. Apps using the IDP for auth can read the groups and allow/deny permissions based on groups.

*Or Identity and Access Management if you are in the cloud ig.

For open source solutions, I would recommend:

  • Authentik (what I use)
  • Kanidm (doesn’t have web ui)
  • Nubus by Univention

These three solutions all have invites, LDAP, and can act as OAuth providers (OAuth is single sign-on), which are the features I want. They are also integrated, including it all in the one app.

There is also LLDAP, which is a web UI for LDAP, and then you could use a service that connects to that, like Authelia or Keycloak, to add OAuth on top.
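The three steps above (IdP, groups in the IdP, apps deciding on groups) as an added worked example, not code from the original thread or from any of the named projects; it assumes the IdP delivers memberships in a token claim called "groups" (the claim name and the policy table are constructed for the example):

```python
"""Group-based authorization driven entirely by an Identity Provider.

Constructed example: the application keeps no user list of its own.
Every decision comes from the "groups" claim the IdP put in the token
plus a small policy table, so "who has what" is answerable from the
policy alone instead of from a spreadsheet.
"""
from __future__ import annotations

# Policy: resource -> action -> groups allowed. Anything absent is denied.
POLICY = {
    "finance-share": {"read": {"finance", "management"}, "write": {"finance"}},
    "hr-share": {"read": {"hr"}, "write": {"hr"}},
}

# Data owner per resource, expressed as an IdP group so it is tracked there too.
DATA_OWNERS = {"finance-share": "finance-leads", "hr-share": "hr-leads"}


def groups_from_claims(claims: dict) -> frozenset[str]:
    """Read the groups claim; a missing or malformed claim means no groups."""
    groups = claims.get("groups", [])
    if not isinstance(groups, list):
        return frozenset()
    return frozenset(g for g in groups if isinstance(g, str))


def is_allowed(claims: dict, resource: str, action: str) -> bool:
    """Deny by default; allow only if a token group grants the action."""
    allowed = POLICY.get(resource, {}).get(action, set())
    return not allowed.isdisjoint(groups_from_claims(claims))


def access_report(resource: str) -> dict:
    """Answer 'who can do what here, and who owns it' from the policy table."""
    return {
        "owner": DATA_OWNERS.get(resource),
        "permissions": {a: sorted(g) for a, g in POLICY.get(resource, {}).items()},
    }


if __name__ == "__main__":
    # Constructed token claims as an OIDC provider might issue them.
    alice = {"sub": "alice", "groups": ["finance"]}
    print(is_allowed(alice, "finance-share", "write"))  # True
    print(access_report("finance-share"))
```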

moonpiedumplings@programming.dev on 11 Mar 13:06

Second comment, but also check out midPoint by Evolveum: docs.evolveum.com/iam/

It is a modern web frontend on top of Active Directory.