{"id":42371976,"url":"https://github.com/doncicuto/glim","last_synced_at":"2026-01-27T19:41:21.469Z","repository":{"id":59410666,"uuid":"302897342","full_name":"doncicuto/glim","owner":"doncicuto","description":"Glim is a simple identity access management system that speaks some LDAP and has a REST API to manage users and groups ","archived":false,"fork":false,"pushed_at":"2025-01-07T09:53:01.000Z","size":1754,"stargazers_count":24,"open_issues_count":5,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-01-07T10:44:44.628Z","etag":null,"topics":["gitea","gitlab","golang","guacamole","harbor","ldap","ldap-authentication","ldap-server","opennebula","rancher","rest"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/doncicuto.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-10-10T12:31:02.000Z","updated_at":"2025-01-07T09:53:05.000Z","dependencies_parsed_at":"2025-01-08T21:15:22.810Z","dependency_job_id":null,"html_url":"https://github.com/doncicuto/glim","commit_stats":{"total_commits":231,"total_committers":2,"mean_commits":115.5,"dds":0.008658008658008698,"last_synced_commit":"f5da4009a8036db5bf742140b0ca172b3dbbb021"},"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/doncicuto/glim","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/doncicuto%2Fglim","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/doncicuto%2Fglim/tags","releases
_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/doncicuto%2Fglim/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/doncicuto%2Fglim/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/doncicuto","download_url":"https://codeload.github.com/doncicuto/glim/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/doncicuto%2Fglim/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28819597,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-27T18:44:20.126Z","status":"ssl_error","status_checked_at":"2026-01-27T18:44:09.161Z","response_time":168,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["gitea","gitlab","golang","guacamole","harbor","ldap","ldap-authentication","ldap-server","opennebula","rancher","rest"],"created_at":"2026-01-27T19:41:20.705Z","updated_at":"2026-01-27T19:41:21.464Z","avatar_url":"https://github.com/doncicuto.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Glim\n\nGlim is a simple identity access management system that speaks some LDAP and is written in Go. Glim stands for Golang LDAP Identity Management 😄\n\n## Why Glim\n\nWhy not? In my case I use several tools that require a user and password to get access. 
Sure, we could use our Google, Twitter, GitHub accounts, but some of those open source tools prefer the good old LDAP protocol to authenticate, manage groups and store account information.\n\nIt's remarkable that LDAP was designed a long time ago and it's still alive and kicking. We all should develop our protocols and software in such a way that they can be useful for years.\n\nI've used LDAP servers like OpenLDAP, ApacheDS and 389DS to run my directory and used the CLI or Apache Directory Studio to manage it. All of these tools are serious projects and are the best tools available when you need real LDAP servers.\n\nThe fact is that when using LDAP for authentication I've found that:\n\n- I don't usually need all the batteries included with those LDAP servers.\n- You need more time to learn how to manage and maintain those servers.\n- If you want to use CLI tools, you need to spend some time learning things like LDAP schemas or LDIF (LDAP Data Interchange Format).\n- It's hard to find an open source LDAP server that offers a REST API.\n\nFinally I decided to develop my own simple identity management system that can be used with LDAP bind operations for authentication purposes and stores my team's user accounts and group information. 
I wanted that simple server to speak enough LDAP for my authentication purposes.\n\nIf you're looking for a full LDAP server replacement that fully understands schemas or complex search filters, please use the serious battle-tested stuff, but if you want a server that can:\n\n- Answer LDAP authentication (bind) and search queries sent by your applications\n- Store your users and groups in a SQL database (Postgres or SQLite)\n- Manage your users and groups with simple CLI commands\n- Provide a simple REST API that you can use with your applications\n- Be used for your automated tests...\n\nplease try Glim, help me improve it, and visit the [wiki](https://github.com/doncicuto/glim/wiki) for more information about Glim (configuration examples, docker, advanced topics...)\n\n## Try it with Docker 🐋\n\nPlease visit the [wiki section](https://github.com/doncicuto/glim/wiki/Docker) about Docker, but in a nutshell follow these steps to run Glim with Docker:\n\n1. Create a temp folder: `mkdir /tmp/glim`\n\n2. Run a server using the following command: `docker run -e GLIM_API_SECRET=\"yourapisecret\" -v /tmp/glim:/home/glim/.glim  --name glim -p 1323:1323 -p 1636:1636 -d sologitops/glim`\n\n3. 
Check your logs and see the passwords that have been generated automatically:\n\n```bash\ndocker logs -f glim\n\n...\n------------------------------------- WARNING -------------------------------------\nA new user with manager permissions has been created:\n- Username: admin\n- Password Dg9FXUkrs6aOTqhMkKLW3ESvmsQvS4Bm6g12WAamQ9cbzRfxEdxpL7NEsOlyZax2\nPlease store or write down this password to manage Glim.\nYou can delete this user once you assign manager permissions to another user\n-----------------------------------------------------------------------------------\n\n------------------------------------- WARNING -------------------------------------\nA new user with read-only permissions has been created:\n- Username: search\n- Password WgkJeRgAuRzdPncgj50f9TXAtN9NbGiAqDn8pRvlxW7vJetGeSy4zf2aMTEc1X4G\nPlease store or write down this password to perform search queries in Glim.\n-----------------------------------------------------------------------------------\n```\n\n4. Open a terminal and play with Glim\n\n```bash\ndocker exec -it glim /app/glim login\nUsername: admin\nPassword: \nLogin Succeeded\n```\n\n## Try it in K8s ☸️\n\nYou can deploy Glim using a Helm chart.\n\nAdd my repository to Helm:\n\n```bash\nhelm repo add doncicuto https://doncicuto.github.io/helm-charts/\n```\n\nInstall the Glim chart:\n\n```bash\n# The chart is referenced through the repository alias added above\nhelm install glim doncicuto/glim\n```\n\nVisit [https://github.com/doncicuto/glim-chart](https://github.com/doncicuto/glim-chart) to learn more about the values you can use with this chart.\n\nIf you have any problems or suggestions with this chart, please open an issue.\n\n## How does it work\n\n```bash\n$ GLIM_API_SECRET=\"mysecret\" glim server start\n\n\u003e Glim starts a LDAP server (port 1636) and a REST API (port 1323).\n\n$ glim login -u cedric.daniels\nPassword: \nLogin Succeeded\n\n$ glim user\n\nUID    USERNAME        FULLNAME             EMAIL                GROUPS               MANAGER  READONLY LOCKED  \n1      admin           LDAP 
administrator                        none                 true     false    false   \n2      search                                                    none                 false    true     false   \n3      cedric.daniels  Cedric Daniels       cedric.daniels@ba... none                 true     false    false   \n4      kima.greggs     Kima Greggs          kima.greggs@balti... none                 false    false    false   \n5      jimmy.mcnulty   Jimmy McNulty        jimmy.mcnulty@bal... none                 false    false    false\n\n$ glim group create -n homicides -d \"Homicides\" -m jimmy.mcnulty,kima.greggs,cedric.daniels\nGroup created\n\n$ glim group\n\nGID    GROUP                DESCRIPTION                         MEMBERS                                           \n1      homicides            Homicides Department                cedric.daniels, kima.greggs, jimmy.mcnulty\n\n$ glim user create -u lester.freamon -e lester.freamon@baltimorepolice.org\nPassword:\nConfirm password:\nUser created\n\n$ glim user rm -u jimmy.mcnulty\nUser account deleted\n\n$ LDAPTLS_CACERT=/home/cedric/.glim/ca.pem ldapwhoami -x -D \"cn=admin,dc=example,dc=org\" -W -H ldaps://127.0.0.1:1636\nEnter LDAP Password:\ndn:cn=admin,dc=example,dc=org \n\n$ glim logout\n\n$ glim server stop\n```\n\nBy default, the Glim server listens on TCP port 1323 (REST API) and TCP port 1636 (LDAPS), and only TLS communications are allowed in order to secure credentials and data exchange. You can set the IP address and port used for both servers using *--ldap-addr* and *--rest-addr*. Starting Glim with *--ldap-no-tls* disables TLS encryption for Glim's LDAP server, so bind credentials and directory data are then sent unencrypted.\n\nWhile I understand that you don't want to use certificates for testing, I feel that it is a good practice to use certificates from the beginning. 
Glim can create a fake CA and generate client and server certificates and matching private keys for testing purposes.\n\nIf you start the Glim server without specifying your CA and server certificates, Glim will create a fake CA and generate certificates for your operations, which are stored by default in $HOME/.glim.\n\nThe CLI consumes the REST API over TLS. You should use the --tlscacert flag to specify the path to your Root CA pem file or store it as ca.pem in the .glim directory in your home directory. If you don't provide a valid CA pem file, you'll receive the following error message:\n\n```bash\nCould not find required CA pem file to validate authority\n```\n\n## FAQ\n\n1. Which applications can use Glim to authenticate users?\n\n   \u003e In theory Glim can be used with any application that uses common methods to authenticate users with LDAP, but so far Glim has been tested with: Gitea, Harbor, Portainer CE, Apache Guacamole, OpenNebula, Gitlab CE and Kanboard. You can find configuration examples in the wiki. If your application can't use Glim please let us know.\n\n2. Is Glim a proxy for LDAP requests that can be sent to LDAP backends?\n\n   \u003e No. Glim stores users and groups in a SQL database (SQLite or Postgres).  \n\n3. Can I add or delete users or groups using LDIF files?\n\n   \u003e No. You can use Glim's CLI to manage your users and groups more easily.\n\n4. Can I use phpLDAPadmin, Apache Directory Studio or another LDAP GUI tool?\n\n   \u003e Not currently. Glim cannot answer Root DSE requests or add/delete LDAP operations. Open a discussion if you find this feature useful so it can be added to the roadmap.\n\n5. Does Glim support anonymous bind?\n\n   \u003e Nope. Glim comes with a search user (readonly) that you can use to bind and search information.\n\n6. 
Does Glim have a web user interface?\n\n   \u003e Not for now, but open a discussion if you need a web management tool that will use Glim's REST API.\n\n## Limitations / Caveats\n\n1. You can start and stop your Glim server using `glim server [start|stop]`, but if you are running Glim on a Windows machine, the stop command will fail and you will have to stop it using Ctrl+C. This is due to a limitation with signal handling in Windows. In a future version this behavior could be changed if I find a workaround for prospective Windows users.\n\n2. Glim cannot reply to Root DSE requests, so you cannot use LDAP tools like Apache Directory Studio or phpLDAPadmin to browse or manage your directory.\n\n3. Alias dereferencing in search requests is not supported.\n\n### Acknowledgments\n\nMany thanks to @johnweldon and all the contributors for [https://github.com/go-asn1-ber/asn1-ber](https://github.com/go-asn1-ber/asn1-ber).\n\nAlso, many thanks to @labstack for the [Echo framework](https://github.com/labstack/echo).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdoncicuto%2Fglim","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdoncicuto%2Fglim","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdoncicuto%2Fglim/lists"}