• Stars
    star
    2,443
  • Rank 18,821 (Top 0.4 %)
  • Language
    Go
  • License
    MIT License
  • Created over 6 years ago
  • Updated about 2 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A lightweight LDAP server for development, home use, or CI

GLAuth: LDAP authentication server for developers

Go-lang LDAP Authentication (GLAuth) is a secure, easy-to-use, LDAP server w/ configurable backends.

Gitter Matrix

GitHub all releases Docker pulls

GitHub last commit (branch) Code Climate maintainability

  • Centrally manage accounts across your infrastructure
  • Centrally manage SSH keys, Linux accounts, and passwords for cloud servers.
  • Lightweight alternative to OpenLDAP and Active Directory for development, or a homelab.
  • Store your user directory in a file, local or in S3; SQL database; or proxy to existing LDAP servers.
  • Two Factor Authentication (transparent to applications)
  • Multiple backends can be chained to inject features

Use it to centralize account management across your Linux servers, your OSX machines, and your support applications (Jenkins, Apache/Nginx, Graylog2, and many more!).


Documentation

πŸ‘‰ The latest version of GLauth's documentation is available at https://glauth.github.io/ πŸ‘ˆ


Quickstart

Get started in three short steps

Usage:

glauth: securely expose your LDAP for external auth

Usage:
  glauth [options] -c <file|s3url>
  glauth -h --help
  glauth --version

Options:
  -c, --config <file>       Config file.
  -K <aws_key_id>           AWS Key ID.
  -S <aws_secret_key>       AWS Secret Key.
  -r <aws_region>           AWS Region [default: us-east-1].
  --ldap <address>          Listen address for the LDAP server.
  --ldaps <address>         Listen address for the LDAPS server.
  --ldaps-cert <cert-file>  Path to cert file for the LDAPS server.
  --ldaps-key <key-file>    Path to key file for the LDAPS server.
  -h, --help                Show this screen.
  --version                 Show version.

Configuration:

GLAuth can be deployed as a single server using only a local configuration file. This is great for testing, or for production if you use a tool like Puppet/Chef/Ansible:

glauth -c glauth.cfg

Here's a sample config wth hardcoded users and groups:

[backend]
  datastore = "config"
  baseDN = "dc=glauth,dc=com"
[[users]]
  name = "hackers"
  uidnumber = 5001
  primarygroup = 5501
  passsha256 = "6478579e37aff45f013e14eeb30b3cc56c72ccdc310123bcdf53e0333e3f416a"   # dogood
  sshkeys = [ "ssh-dss AAAAB3..." ]
[[users]]
  name = "uberhackers"
  uidnumber = 5006
  primarygroup = 5501
  passbcrypt = "243261243130244B62463462656F7265504F762E794F324957746D656541326B4B46596275674A79336A476845764B616D65446169784E41384F4432"   # dogood
[[groups]]
  name = "superheros"
  gidnumber = 5501

More configuration options are documented here and in this sample file

Backends:

For advanced users, GLAuth supports pluggable backends. Currently, it can use a local file, S3 or an existing LDAP infrastructure. Through the use of optional plugins, you can connect SQL databases, PAM, and other datastores.

[backend]
  datastore = "ldap"
  servers = [ "ldaps://server1:636", "ldaps://server2:636" ]

Stargazers over time

Stargazers over time