It's news to me that #Microsoft now recommends migrating away from Active Directory. I'm wondering if the #Linux Foundation (or any well-funded competitor to Microsoft, who favors Open Source) has noticed this, and has plans to develop or offer an #OpenSource alternative for Active Directory, which isn't owned or controlled by Microsoft in any way? #infosec #eu #germany
"Retiring Active Directory for Infrastructure with Entra ID":
https://www.egroup-us.com/news/retiring-active-directory-infrastructure-entra-id/
@gtsadmin You mean something like FreeIPA ?
@ck0 Please oh please, not something LDAP-based. Could the database backend please be in some sort of likable database, like PostgreSQL, or SQLite?

@gtsadmin AD is LDAP with Kerberos. I'm with you, I don't much like LDAP (and especially OpenLDAP, which isn't packaged in FreeIPA), but to replace an LDAP service you still need one which can talk LDAP.

For the backend, there are few LDAP servers using an SQL backend, or even flat files if it's for tests.

But for a corporate env (which is the FreeIPA target, and, I thought, what you were talking about), what do you care how the backend is built? As a replacement for an AD, management UIs are required, and no one will debug the LDAP by hand.

@ck0 Thanks for your suggestions. After going down a rabbit hole, I think the closest thing to what I'm interested in would be this project:
"OAuth 2.0 & OIDC Auth Server and Identity Provider"
https://github.com/vigiloauth/vigilo
It's #OpenSource, and it's written in #Golang. Having said this, it's only alpha quality at this time, and has been sitting stale for a year. Some sort of funding/money would be great to keep this project moving forward. IMHO, it should be organizations such as the #LinuxFoundation or maybe even #NLnet who should be taking an interest in this.

Honorable mention to lemonldap-ng (has stock Debian packages, and they have a Mastodon account), but I sort of disqualified it from consideration owing to LDAP (I'd like to just 100% leave it behind, same with SAML), and also that it's written in Perl.
@gtsadmin If you would like to have an OAuth service, take a look at Keycloak. I've often encountered it at different jobs.
@ck0 Thanks for that! The #LinuxFoundation does support Keycloak!