I use OpenLDAP for my source of truth (user base) and have Authelia configured to use that for users.
Authelia supports acting as an OIDC provider as well as an auth source for apps I host behind Nginx.
For apps that support LDAP, they’re plumbed directly in to that and apps using more modern auth schemes (or apps that don’t support either OIDC/LDAP) are protected by Authelia - they use the same userbase in LDAP.
OpenLDAP isn’t easy, though, so you might want to look at something like FreeIPA or 389 Directory Server instead.
I’ve looked at that, but not lately. Last I checked, it was kind of pseudo-LDAP and only really focused on user authentication. I can’t read through it now, but will check it out later. For OP’s purposes, though, yeah, that should do nicely as a user base for Authelia.
My LDAP server also backs my DHCP, DNS, SMTP/IMAP, SIP, and a few other things beyond user auth, so I kind of need a full LDAP server. The good thing is once you get OpenLDAP setup (and get a good grasp of the
cn=config
schema), it’s pretty easy to manage with Apache Directory Studio. Getting to that point, though, lol, is quite a mountain to climb.