2
submitted 1 year ago by Lensim@alien.top to c/main@selfhosted.forum

Hello,

I'm currently on my way to set up a compagny server for a small team (10-20 users). I am looking for a self hosted solution to create user accounts for collaborator and give permissions to access to our different service ( our own gitlab, Teamcity, WikiJS, Redmine, ...) according to their "group" (developper, DevOps, QA, Project Manager, ...). I want a simple user interface if possible because it will be maintained by non adminsys people.

I think for an easy integration of all the service the solution has to be provide an LDAP domain.

Is there a solution to my requirement ?

I found :

  • Authentik
  • Keycloak
  • Authelia

Thank you !

top 2 comments
sorted by: hot top controversial new old
[-] CyqixNewsAlt@alien.top 1 points 1 year ago

Something you might want to consider given you mention "it should be managed by a non sysadmin"- What happens when something goes wrong and you cant access anything?

As much as i like to self host what I can, sometimes it is worth considering other options

[-] indykoning@alien.top 1 points 1 year ago

Having to connect everything via LDAP actually seems to be the more difficult way.

For managing Authentication but also authorization OpenID and SAML are easier to set up and easier to secure in my opinion. They also allow to manage multiple groups and permissions.

Unlike LDAP these options send you to the Auth server where you can centrally manage 2FA as well as additional login methods (e.g. if your company uses Gsuite, use that to log in)

Though I've had to use LDAP for some things as well, I went with Authentik since it can do all of these. Users and groups are easy to manage. And you can block access in Authentik already instead of having to manage access by group in each application

this post was submitted on 22 Oct 2023
2 points (100.0% liked)

Self-Hosted Main

504 readers
1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

founded 1 year ago
MODERATORS