{"id":29224710,"url":"https://github.com/g0dscookie/ldapauthd","last_synced_at":"2026-04-29T07:35:01.465Z","repository":{"id":113434609,"uuid":"168099965","full_name":"g0dsCookie/ldapauthd","owner":"g0dsCookie","description":"Simple HTTP ldap auth daemon","archived":false,"fork":false,"pushed_at":"2020-04-15T06:18:37.000Z","size":35,"stargazers_count":1,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"stable","last_synced_at":"2025-07-03T06:07:37.670Z","etag":null,"topics":["daemon","docker-container","http","http-authentication","ldap-authentication"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/g0dsCookie.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-01-29T06:12:14.000Z","updated_at":"2020-04-14T12:26:01.000Z","dependencies_parsed_at":null,"dependency_job_id":"c2ecf1af-e646-49f5-9e2c-56f3267d3ee0","html_url":"https://github.com/g0dsCookie/ldapauthd","commit_stats":null,"previous_names":[],"tags_count":11,"template":false,"template_full_name":null,"purl":"pkg:github/g0dsCookie/ldapauthd","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/g0dsCookie%2Fldapauthd","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/g0dsCookie%2Fldapauthd/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/g0dsCookie%2Fldapauthd/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/g0dsCookie%2Fldapauthd/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/g0dsCookie","download_url":"https://codeload.github.com/g0dsCookie/ldapauthd/tar.gz/refs/heads/stable","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/g0dsCookie%2Fldapauthd/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32416146,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-29T06:29:02.080Z","status":"ssl_error","status_checked_at":"2026-04-29T06:29:00.631Z","response_time":110,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["daemon","docker-container","http","http-authentication","ldap-authentication"],"created_at":"2025-07-03T06:07:34.539Z","updated_at":"2026-04-29T07:35:01.457Z","avatar_url":"https://github.com/g0dsCookie.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ldapauthd\n\nThis is a simple HTTP server which allows you to authenticate against ldap with a HTTP GET request. This daemon is designed to run behind a reverse proxy (haproxy, nginx, apache2, ...).\n\n- [ldapauthd](#ldapauthd)\n- [Usage](#usage)\n  - [Examples](#examples)\n    - [Curl](#curl)\n    - [Traefik](#traefik)\n- [Installation](#installation)\n  - [Local](#local)\n  - [Docker](#docker)\n- [Configuration](#configuration)\n  - [Examples](#examples-1)\n    - [LDAP_ALLOWEDUSERS](#ldapallowedusers)\n    - [LDAP_ALLOWEDGROUPS](#ldapallowedgroups)\n- [Special Thanks](#special-thanks)\n\n# Usage\n\nTo authenticate against this daemon you only need to fire a GET request with base64 encoded **Authentication** HTTP header.\n\n## Examples\n\n### Curl\n\n`$ curl -v --user 'username:password' localhost`\n\n### Traefik\n\n```yaml\nversion: \"3.7\"\nservices:\n  traefik:\n    image: traefik\n    network:\n      - internal\n    [...]\n  auth:\n    image: g0dscookie/ldapauthd\n    network:\n      - internal\n    [...]\n  backend:\n    image: mybackend\n    network:\n      - internal\n    deploy:\n      labels:\n        traefik.enable: \"true\"\n        traefik.frontend.auth.forward.address: \"http://auth\"\n        traefik.frontend.auth.forward.authResponseHeaders: \"X-Forwarded-FullName,X-Forwarded-User,X-Forwarded-Email,X-Forwarded-Role\"\n```\n\n# Installation\n\n## Local\n\n```sh\ngit clone https://github.com/g0dsCookie/ldapauthd.git\ncd ldapauthd\npip install -r requirements.txt\n```\n\nNow you may run with `./ldapauthd.py` but I highly recommend reading [Configuration](#configuration).\n\n## Docker\n\nDocker image **g0dscookie/ldapauthd** is available. See **docker-compose.yml** for configuration and usage of this container.\n\n# Configuration\n\nConfiguration for this daemon is read from the current environment. Available configuration parameters are:\n\n| Environment Variable        | Description                                      | Default                |\n| --------------------------- | ------------------------------------------------ | ---------------------- |\n| LDAPAUTHD_IP                | IP address the daemon should listen on.          | 0.0.0.0                |\n| LDAPAUTHD_PORT              | Port the daemon should listen on.                | 80                     |\n| LDAPAUTHD_LOGLEVEL          | Loglevel the daemon should run on.               | INFO                   |\n| LDAPAUTHD_USER              | User the daemon should be run with.              | nobody                 |\n| LDAPAUTHD_REALM             | String to set in WWW-Authenticate.               | Authorization required |\n| LDAPAUTHD_SESSION_STORAGE   | Choose session storage backend. Available: memcached | memcached          |\n| LDAPAUTHD_SESSION_PREFIX    | Key prefix to avoid collisions inside memcache when running multiple ldapauthd instances | |\n| LDAPAUTHD_SESSION_DOMAIN    | Set domain for your session cookie.              |                        |\n| LDAPAUTHD_SESSION_HOST      | Host address of your session storage.            | localhost:11211        |\n| LDAPAUTHD_SESSION_TTL       | Maximum TTL for sessions in seconds.             | 900                    |\n| LDAPAUTHD_SESSION_RETRY     | How many times to retry session connection       | 1                      |\n| LDAP_LOGLEVEL               | https://ldap3.readthedocs.io/logging.html#logging-detail-level | ERROR    |\n| LDAP_ATTRIBUTES             | Attributes to get from ldap and report to client | {\"cn\": \"X-Forwarded-FullName\", \"mail\": \"X-Forwarded-Email\", \"sAMAccountName\": \"X-Forwarded-User\"} |\n| LDAP_ROLEHEADER             | The header name where the associated role should be stored | X-Forwarded-Role |\n| LDAP_ALLOWEDUSERS           | Allow specific users. Will be matched with given username |               |\n| LDAP_ALLOWEDGROUPS          | Allow specific groups. Will be matched with full group dn |               |\n| LDAP_BASEDN                 | Base DN every search request will be based on.   |                        |\n| LDAP_BINDDN                 | Bind user to use for querying your ldap server.  |                        |\n| LDAP_BINDPW                 | Bind users password.                             |                        |\n| LDAP_BACKENDS               | Comma seperated list of ldap backend names.      |                        |\n| LDAP_\\\u003cNAME\\\u003e_HOST          | Hostname of your domain controller.              |                        |\n| LDAP_\\\u003cNAME\\\u003e_PORT          | Port on your domain controller to connect to.    | 636                    |\n| LDAP_\\\u003cNAME\\\u003e_SSL           | Use SSL for ldap connection.                     | True                   |\n| LDAP_\\\u003cNAME\\\u003e_SSL_VALIDATE  | Verify remote SSL certificate.                   | True                   |\n\n## Examples\n\n### LDAP_ALLOWEDUSERS\n\nUsed to allow specific users and assign specific roles to them. Always overwrites **LDAP_ALLOWEDGROUPS**.\n\nUsers are matched case-insensitive.\n\n`LDAP_ALLOWEDUSERS={\"username\": \"admin\", \"foobar\": \"nobody\"}`\n\n### LDAP_ALLOWEDGROUPS\n\nUsed to allow groups and assign appropriate role to the user. May be overwritten by **LDAP_ALLOWEDUSERS**.\n\nFirst matched group will be used to allow access and assign the role.\n\nGroups are matched case-insensitive.\n\n`LDAP_ALLOWEDGROUPS={\"cn=admins,dc=example,dc=org\": \"admin\", \"cn=domain users,dc=example,dc=org\": \"users\"}`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fg0dscookie%2Fldapauthd","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fg0dscookie%2Fldapauthd","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fg0dscookie%2Fldapauthd/lists"}