Authelia and Lldap: Authentication, SSO, User Management... for Home Networks

While authelia is quite cool "infra-as-code" tool, since you have your entire configuration in yaml form, for those not willing to spend a few evenings configuring SSO, there is authentik [1] which features management UI.

Offers similar feature set, also self-hostable, but most importantly - simple to set-up. I've spent 8h on authelia deployment, where 30 minutes in authentik would be sufficient. But both are good options, pick what you prefer.

1: https://goauthentik.io/

Kanidm is another similar tool for user management I've been enjoying. It has a strong focus on safe defaults and supports exposing the users via LDAP ootb. It's fairly simple to set up as well, but I feel like it sometimes expects the users to be fairly technical.

Bizarre coincidence. I just ran into lldap for the first time earlier today. I built it on Windows for fun. I'm new to Rust and it was surprisingly easy (and only needed very slight modification).

If I were going to support Windows clients on the hypothetical home network, however, I'd use Samba as a Domain Controller and use the LDAP server there. That gets you SSO to Windows clients too.

Those who do not want to choose e-mail as the notification method can take a look at ntfy.sh (https://github.com/binwiederhier/ntfy). You can receive notifications via your smartphone (Android, iOS). A self-hosted server can also be used.

I've been using freeipa[1] in the past, it wasn't specifically easy to setup, but is well designed, documented, and supported. Plus, it's able to manage certificates. But to use more "modern" techs, like OpenID, Keycloak will be needed.

-- [1] https://www.freeipa.org/

Getting this stack set up is not as complicated as this post makes it seem... LLDAP is great and the dev was very responsive when I had issues with some early builds.

Plenty of documentation around on getting Authelia set up, and connecting it to LLDAP is also pretty straightforward.

LLDAP dev here! I'm happy to see it on the front page :) I made LLDAP specifically because it was very complicated to get OpenLDAP up and running, and it was resource heavy for a handful of users on a self-hosted server. If you have any questions, AMA!

I want to set up something like this for my home network. The one thing missing that I'd also like is a way for users to log in to windows machines using these credentials. I understand that is also possible via Kerberos, but... Well, it takes some time to understand these things, me not doing a whole lot of sysadmin work ...

It also seems the author has a more recent post about using Samba as an AD controller, and that would be an alternative to this setup right here:

https://helgeklein.com/blog/samba-active-directory-in-a-dock...

I use authelia with nginx proxy manager talking to it for auth, works well. Haven't externalized the users since I only have a few to deal with, but it's cool having an entire suite of sites protected and provides http headers to grab the logged in user's information.

This caught my eye and I started reading over it but my eyes glazed over after a couple of sections of setting up various docker containers in various zfs directory structures and editing toml configuration files and zzzz…

Here’s a hint: for 99.999% of potential users, including 99.9% of motivated, technically savvy users, if I need to know the directory structure of your software, then you already failed.

I appreciate that you went through all the pain and learning and effort to figure out how to set all this up AND went to the trouble to write down a how to guide.

I hope someone comes later and bundles it up into a script I can launch that will prompt me for the various config options and then set it all up for me.

ah, I wish I could sneak into something ready for traefik and docker swarm :)