Well, you can host a Docker image of an openldap container, secured by SSL certification (in my experience, Let's Encrypt works for this, just take care to not expose the ldap port, only ldaps) and protected from unauthorized access by denying anonymous binds.
Using service accounts you can then have other cloud services like Atlassian, Slack or GitLab authenticate against the LDAP server.
Regarding phone equipment: Asterisk in Docker combined with a VoIP provider (and exposing a SIP server) can work, but I have not tried this in practice. It should support standard Android and iOS SIP clients, but beware that this will drain your battery life due to permanent connections and keepalives - I don't know how easy (and supported) push notifications for calls are. Also, going from the VoIP provider through a questionable (in terms of QoS) Docker hoster to your phone will introduce measurable latency, and the re-coding that may happen in Asterisk can also negatively affect audio quality.
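A way to verify the two settings the comment above names (ldaps with a valid certificate, anonymous binds denied), as an added example that is not part of the original comment. It uses only the Python standard library; the sample responses are constructed, and the function names are this example's own.

```python
import socket
import ssl

# RFC 4511 anonymous simple bind: messageID 1, version 3, empty DN, empty password.
ANON_BIND = bytes.fromhex("300c020101600702010304008000")
# Constructed sample BindResponses (not captured traffic).
DENIED = bytes.fromhex("302502010161200a013004000419") + b"anonymous bind disallowed"
ALLOWED = bytes.fromhex("300c02010161070a010004000400")

def _tlv(buf, pos):
    """Read one BER TLV at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def bind_result(resp):
    """Return (resultCode, diagnosticMessage) from an LDAP BindResponse."""
    tag, msg, _ = _tlv(resp, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = _tlv(msg, 0)          # skip messageID
    tag, body, _ = _tlv(msg, pos)
    if tag != 0x61:                   # [APPLICATION 1] = BindResponse
        raise ValueError("not a BindResponse")
    _, code, pos = _tlv(body, 0)      # resultCode (48 = inappropriateAuthentication)
    _, _, pos = _tlv(body, pos)       # matchedDN
    _, diag, _ = _tlv(body, pos)      # diagnosticMessage
    return int.from_bytes(code, "big"), diag.decode()

def anonymous_bind_denied(resp):
    """Only resultCode 0 (success) means the server accepted the bind."""
    return bind_result(resp)[0] != 0

def probe_ldaps(host, timeout=5):
    """Anonymous bind over ldaps (636) with certificate and hostname checks."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, 636), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(ANON_BIND)
            return bind_result(tls.recv(4096))
```

Run `probe_ldaps` against your own server's hostname; a certificate or hostname mismatch raises `ssl.SSLCertVerificationError` before any bind is sent. In OpenLDAP, denying anonymous binds (`disallow bind_anon`) does not by itself block operations sent without a bind; `require authc` covers that.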
Well, you can host a Docker image of an openldap container, secured by SSL certification (in my experience, Let's Encrypt works for this, just take care to not expose the ldap port, only ldaps) and protected from unauthorized access by denying anonymous binds.
When I set all this up, Docker wasn't even a thing, so it's nice to have that as an option now.
For VoIP, the hardware itself is a pain, though the open-standards software side of things is a pain too.
To deal with QoS issues, we have previously had POTS lines from AT&T plugged into a phone card on the server. So we've got that wonderful digital -> analog -> digital conversion in there.
We've recently switched to Comcast, which has a box with... analog phone ports coming out of it. So we've still got the digital -> analog -> digital conversion, plus any QoS issues on Comcast's last-mile network. Though that hasn't seemed to be a problem, so maybe they've got that figured out. And no, they didn't offer a SIP solution, at least not to us.
As you allude to, I don't see a SIP-based solution for our mobile devices as viable, because of the battery drain and roaming. I really just wanted to use Skype or something similar. Who calls me on my desk phone anymore? I'll tell you who: salespeople. I don't give out my desk phone number; I'd really rather you just send me an email. If you are important enough, I'll give you my mobile phone number, but that's rare.