Ask HN: Self-hosted AD/Entra ID alternative that works with Windows and Linux?
2 points • marenkay • about 14 hours ago • 7 comments
I'm working on an open-source identity platform (Rust, AD-compatible, native OIDC) and trying to figure out whether this is a real problem or something I've convinced myself matters.
The idea is: replace Microsoft AD/Entra ID with something you can self-host, that handles Windows domain join AND Linux login AND modern auth protocols.
Current options seem to be:
- stay with Microsoft AD (the original beast)
- Samba AD (works but painful, no modern protocols)
- UCS/Zentyal (wrap Samba, heavyweight)
- Keycloak/Authentik/etc (no Windows domain support)
My questions:
- How do you handle identity across Windows and Linux today? Is it painful?
- Have you actually looked for alternatives, or is AD "good enough"?
- Would sovereignty/self-hosting be important for you, or is that just talk?
I am having a lot of fun building and using this but I severely wonder if this is just a me problem. Help a guy out? :-)