Ask HN: Self-hosted AD/Entra ID alternative that works with Windows and Linux?

2•marenkay•2h ago

I'm working on an open-source identity platform (Rust, AD-compatible, native OIDC) and trying to figure out whether this is a real problem or something I've convinced myself matters.

The idea is: replace Microsoft AD/Entra ID with something you can self-host, that handles Windows domain join AND Linux login AND modern auth protocols.

Current options seem to be:

- stay with Microsoft AD (the original beast) - Samba AD (works but painful, no modern protocols) - UCS/Zentyal (wrap Samba, heavyweight) - Keycloak/Authentik/etc (no Windows domain support)

My questions:

- How do you handle identity across Windows and Linux today? Is it painful? - Have you actually looked for alternatives, or is AD "good enough"? - Would sovereignty/self-hosting be a important for you, or is that just talk?

I am having a lot of fun building and using this but I severely wonder if this is just a me problem. Help a guy out? :-)

Comments

reliefcrew•1h ago

> Have you actually looked for alternatives, or is AD "good enough"?

TBH, I always thought YP/NIS was good enough... but I live in a tiny bubble. Obligatory:

https://xkcd.com/927/

P.S. Your cert for https://kogito.network/ is expired :(

marenkay•1h ago

Honestly, I wish I could stick with LDAP forever, it just worked. But no. My first setup in 2004 was OpenLDAP all the way for every service.

I am moving to a new server over Christmas, thanks for telling though :-)

reliefcrew•1h ago

Yeah, it's a big world and it has a clever way of getting what it wants. On a serious note I'd say you'll just have to balance your design w/ what people are willing to pay for. You probably know this already though :-)

Enjoy the new server!

marenkay•34m ago

Thanks! I sure will, its my first own rack in a new data centre actually :-) kinda a long-term member of the homelab movement

Forget burner phones – you can join this new carrier with just a ZIP code

Bluesky claims its new contact import feature is 'privacy-first'

Is content convergence an incentive problem, not an AI problem?

Show HN: Python SDK – forecasting with foundation time-series and tabular models

DuckDB-PST: ultra-fast querying of MS PST files

U.S. Plans Largest Nuclear Power Program Since the 1970s

tauri-plugin-liquid-glass: Tauri plugin for Apple liquid glass effect

Claude Browser – A browser I built with Claude integrated at the core

Show HN: A faster way to theme Shadcn/UI

Stratechery Year in Review

Why is time going so fast and how do I slow it down?

Military satellites dogfighting as tensions escalate in orbit

Semantic Field Execution: Decoupling Transformers from Runtime Inference

Creating apps like Signal could be 'hostile activity' claims UK watchdog

Producing Open Source Software (2020)

Show HN: NPM package size visualizer using React as the unit of measurement

Build with Specs – Spec-Driven Development Workflow for AI-Assisted Software

Community

What matters in automated form filling?

The Year in AI at Grafana Labs

The Scents of Christmas: Aromatic Plants, Memory, and the Ecology of Celebration

Cowboy Closes ReBirth Deal, Secures New Funding and Restarts Production

The Psychedelic Scientist

Serenely Fast I/O Buffer benchmarked

Siraaj: a lightweight real-time analytics service in Go using DuckDB

Tiny-TSM: Efficiently Training a Lightweight SOTA Time Series Foundation Model

Ask HN: What's the minimal WordPress security hardening you'd trust?

How did IRC ping timeouts end up in a lawsuit?

America's Dirtiest Carbon Polluters, Mapped to Ridiculous Precision

Ancient hunter-gatherer DNA may explain why some people live 100 years or more