I've been considering setting up a Gluu [1] instance for some of my services. It supposedly supports LDAP as well as OpenID and Oauth2 for authentication as well as RADIUS. From what I can tell, this would fit your use case perfectly fine. It's available as open source software but the company behind it is selling it as well in case you'd like a support contract.
Note that I haven't set it up myself yet, it's still on my ever-growing list of "tools I have to take a good look at sometime in the future". It does seem like a very good piece of software though.
Just want to say that I've met the lead developer of Gluu randomly at a gitlab hackathon / party in portland. It seems like they've got a really nice product and he was extremely knowledgeable along with very likable.
I've never used it, but if I needed to do something like the GP asked, I'd definitely give it a look.
Note that I haven't set it up myself yet, it's still on my ever-growing list of "tools I have to take a good look at sometime in the future". It does seem like a very good piece of software though.
[1] https://www.gluu.org/