The only alternative I know of that goes close to what FreeIPA does (minus the cert part) is kanidm. It does:
- oauth2
- ssh key distribution
- RADIUS
- PAM/SSSD
- LDAP
I just noticed they have a beta for multimaster replication, which is nice.
I use it at home. Note, though, that it does not do any hand-holding, and all configuration is done through CLI. Also note, there are docs for the stable or dev branch and there sometimes are big differences between the two.
They only provide an image at the moment, unfortunately. V4L2 is not supported, from what I read, which complicates support…