{"id":13689468,"url":"https://github.com/libregraph/idm","last_synced_at":"2025-05-01T23:34:38.413Z","repository":{"id":38372721,"uuid":"375732201","full_name":"libregraph/idm","owner":"libregraph","description":"LibreGraph Identity Management","archived":false,"fork":false,"pushed_at":"2024-11-11T11:21:54.000Z","size":491,"stargazers_count":27,"open_issues_count":6,"forks_count":6,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-11-11T12:26:34.131Z","etag":null,"topics":["authentication","hacktoberfest","idm","ldap"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/libregraph.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":"AUTHORS","dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-06-10T14:48:02.000Z","updated_at":"2024-11-11T11:21:51.000Z","dependencies_parsed_at":"2023-02-04T01:46:21.547Z","dependency_job_id":"8ccb2312-e8cd-46b6-ab3f-d5357d6fbe93","html_url":"https://github.com/libregraph/idm","commit_stats":null,"previous_names":[],"tags_count":15,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/libregraph%2Fidm","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/libregraph%2Fidm/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/libregraph%2Fidm/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/libregraph%2Fidm/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/libregraph","download_url":"https://cod
eload.github.com/libregraph/idm/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224282285,"owners_count":17285800,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","hacktoberfest","idm","ldap"],"created_at":"2024-08-02T15:01:49.003Z","updated_at":"2024-11-12T13:31:48.691Z","avatar_url":"https://github.com/libregraph.png","language":"Go","funding_links":[],"categories":["hacktoberfest"],"sub_categories":[],"readme":"## LibreGraph Identity Management\n\nLibreGraph Identity Management provides an LDAP server that is easy to configure, does not have external dependencies and is tailored to work perfectly with other LibreGraph software.\n\nThe goal is that everyone who does not already have, or who needs, an LDAP server uses IDM.\n\nThus, IDM is a (currently read-only) drop-in replacement for an existing LDAP server and provides an LDAP interface if none is there already. IDM uses hard-coded indexes and supports the LDAP search, bind and unbind operations.\n\n### Running idmd from a source build\n\nUntil packages and containers for more environments are available, it is easiest to just create a local build of `idmd`. 
To do this, just run `make`.\n\nIDM uses a mixture of environment variables and parameters for configuration and needs to be passed at least the location of an individual ldif file or a directory containing multiple ldif files.\n\n```bash\n$ ./idmd serve --ldif-main ./export.ldif\nINFO[0000] LDAP listener started                         listen_addr=\"127.0.0.1:10389\"\nINFO[0000] ready\n```\n\n### Configuration\n\nThe default base DN of IDM is `dc=lg,dc=local`. There is usually no need to change it if you don't use the LDAP data for anything else. The value needs to match what the clients have configured. Similarly, the default mail domain is `lg.local`.\n\nBoth values can be changed by passing `--ldap-base-dn` or `--ldif-template-default-mail-domain` respectively.\n\nIDM uses ldif files as its data source; the location of these files needs to be passed at startup using the `--ldif-main` parameter.\n\n#### Adding a service user for LDAP access\n\nBy default IDM does not have any users and anonymous bind is disabled. You can enable anonymous bind support for local requests by passing `--ldap-allow-local-anonymous` when running `idmd`. Alternatively, a service user can be specified in the following way:\n\n```bash\ncat \u003c\u003cEOF \u003e ./config.ldif\ndn: cn=readonly,{{.BaseDN}}\ncn: readonly\ndescription: LDAP read only service user\nobjectClass: simpleSecurityObject\nobjectClass: organizationalRole\nuserPassword: readonly\nEOF\n```\n\nThe file is then passed as an additional parameter when starting `idmd` using `--ldif-config ./config.ldif`. The `config.ldif` is for service users only; the data in it is used for bind requests only and is never returned for search requests.\n\n#### Add users to the LDAP service\n\n`idmd` serves all ldif files from the folder specified by `--ldif-main` (loaded in lexical order and parsed as templates). 
Whenever any of the ldif files are changed, added or removed, make sure to restart `idmd`.\n\n`idmd` listens on `127.0.0.1:10389` by default and does not ship with any default users. Example configuration can be found in the [scripts directory](https://github.com/libregraph/idm/tree/master/scripts) of this repository.\n\n##### Add new users using the `gen newusers` command\n\nIDM provides a way to create ldif data for new users in batch mode, similar to the Unix `newusers` command, using the following standard password file format:\n\n```bash\nuid:userPassword:uidNumber:gidNumber:cn,[mail][,mailAlternateAddress...]:ignored:ignored\n```\n\nFor example, like this:\n\n```bash\ncat \u003c\u003c EOF | ./idmd gen newusers - --min-password-strength=4 \u003e ./ldif/50-users.ldif\njonas:passwordOfJonas123:::Jonas Brekke,jonas@lg.local::\ntimmothy:passwordOfTimmothy456:::Timmothy Schöwalter::\nEOF\n```\n\nThis outputs an LDIF template file which you can modify as needed. When done, restart `idmd` to make the new users available. Keep in mind that some of the attributes must be unique.\n\n##### Replace existing OpenLDAP with IDM\n\nOn the LDAP server, export all its data using `slapcat` and write the resulting ldif to, for example, `./ldif/10-main.ldif`. This is a drop-in replacement and everything that was in OpenLDAP is now also in IDM.\n\nTo migrate, either stop `slapd` and change the IDM configuration to listen where `slapd` used to listen, or change the clients to connect to where `idmd` listens.\n\n### Extra goodies\n\n#### Template support\n\nAll ldif files loaded by IDM support template syntax as defined in https://golang.org/pkg/text/template to allow auto generation and replacement of various values. You can find example templates in the [scripts directory](https://github.com/libregraph/idm/tree/master/scripts) as well. 
All the `gen` commands output template syntax if applicable.\n\n#### Generate secure password hash using the `gen passwd` command\n\nIDM supports secure password hashing using ARGON2. To create such password hashes, use either `gen newusers` or the interactive `gen passwd`, which is very similar to `slappasswd` from OpenLDAP.\n\n```bash\n./idmd gen passwd\nNew password:\nRe-enter new password:\n{ARGON2}$argon2id$v=19$m=65536,t=1,p=2$MaB5gX2BI484dATbGFyEIg$h2X8rbPowzZ/Exsz4W20Z/Zk54C30YnY+YbivSIRpcI\n```\n\n#### Test IDM\n\nSince `idmd` provides a standard LDAP interface, standard LDAP tools can also be used to interact with it for testing. Run `apt install ldap-utils` to install the LDAP command-line tools.\n\n```bash\nldapsearch -x -H ldap://127.0.0.1:10389 -b \"dc=lg,dc=local\" -D \"cn=readonly,dc=lg,dc=local\" -w 'readonly'\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flibregraph%2Fidm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flibregraph%2Fidm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flibregraph%2Fidm/lists"}