LLDAP

LLDAP is a lightweight authentication server that provides an opinionated, simplified LDAP interface for managing users and groups. It is designed to be easy to set up and operate compared to full LDAP suites, while still integrating with many services that support LDAP authentication.

Key Features

• Simplified LDAP directory structure focused on users and groups
• Web UI for user and group management, including self-service profile edits
• Password reset via email when SMTP is configured
• Group membership support via memberOf for common LDAP filters
• Custom attributes management (for compatibility with specific integrations)
• Multiple storage backends: SQLite by default, with MySQL/MariaDB and PostgreSQL options
• Scriptable management via a GraphQL API
• Optional LDAPS support for encrypted LDAP connections

Use Cases

• Central user directory for self-hosted apps that support LDAP (for example file sync and media apps)
• LDAP backend (“source of truth”) for an SSO layer such as Authelia, Authentik, or Keycloak
• Lightweight user/group management for homelabs and small organizations

Limitations and Considerations

• Not a full-featured LDAP server by design; some advanced LDAP features and browsing tools may not work as expected
• Does not support providing password hashes for services that validate passwords locally (known incompatibility category)

LLDAP is a pragmatic choice when you need LDAP compatibility for authentication without the complexity of running a full LDAP stack. It works best as a simple user and group directory paired with other components for SSO and access control when needed.