{"id":25728832,"url":"https://github.com/ozgurcd/ldapsshpubkeyreader","last_synced_at":"2026-04-06T04:02:42.388Z","repository":{"id":147672587,"uuid":"251456234","full_name":"ozgurcd/ldapSSHPubkeyReader","owner":"ozgurcd","description":"Public Key reader from LDAP server to use with SSHd","archived":false,"fork":false,"pushed_at":"2025-10-03T08:24:33.000Z","size":64,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-10-24T11:59:44.311Z","etag":null,"topics":["ldap","ldap-authentication","linux","ssh"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ozgurcd.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-03-30T23:59:37.000Z","updated_at":"2025-10-03T08:24:36.000Z","dependencies_parsed_at":"2025-10-14T22:41:37.505Z","dependency_job_id":"e720ca27-8ff5-49dd-97ac-cfb0d41545af","html_url":"https://github.com/ozgurcd/ldapSSHPubkeyReader","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/ozgurcd/ldapSSHPubkeyReader","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ozgurcd%2FldapSSHPubkeyReader","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ozgurcd%2FldapSSHPubkeyReader/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ozgurcd%2FldapSSHPubkeyReader/releases","mani
fests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ozgurcd%2FldapSSHPubkeyReader/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ozgurcd","download_url":"https://codeload.github.com/ozgurcd/ldapSSHPubkeyReader/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ozgurcd%2FldapSSHPubkeyReader/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31458838,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-05T21:22:52.476Z","status":"online","status_checked_at":"2026-04-06T02:00:07.287Z","response_time":112,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ldap","ldap-authentication","linux","ssh"],"created_at":"2025-02-26T00:27:40.061Z","updated_at":"2026-04-06T04:02:42.354Z","avatar_url":"https://github.com/ozgurcd.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ldapSSHPubkeyReader\n\nOpenSSH relies on an external application to provide SSH keys when the AuthorizedKeysCommand directive is used. In order to use SSH with keys stored in LDAP, a suitable script or program needs to provide the keys. 
Traditionally, a shell script that calls ldapsearch is used for this purpose.\n\nThis Go program fulfills the same need, only faster and in a more lightweight manner.\n\n### Compile\n\nThe Makefile supports building for multiple platforms with optimized settings:\n\n#### Quick Start\n```bash\nmake                # Build for all platforms (Linux amd64, macOS amd64, macOS arm64)\nmake info           # Show available build targets and configuration\n```\n\n#### Platform-Specific Builds\n```bash\nmake linux-amd64    # Linux x86_64\nmake darwin-amd64   # macOS Intel\nmake darwin-arm64   # macOS Apple Silicon\n```\n\n#### Development Builds (with race detection)\n```bash\nmake dev-all        # Development builds for all platforms\nmake dev-linux-amd64 # Development build for Linux\n```\n\n#### Build Features\n- **CGO disabled**: Creates fully static binaries with no external dependencies\n- **Optimized**: Uses `-w -s` flags to strip debug info and reduce binary size\n- **Secure**: Uses `-trimpath` to remove filesystem paths from binaries\n- **Cross-platform**: Supports Linux amd64, macOS Intel, and macOS Apple Silicon\n\n#### Clean Up\n```bash\nmake clean          # Remove all built binaries\n```\n\nThe build produces optimized, statically-linked binaries named with platform suffixes (e.g., `ldapPubKeyReader-linux-amd64`). If you need debug information, use the development builds instead.\n\n### Configuration\n\nThe application supports multiple configuration methods with the following priority order:\n1. Environment variables (highest priority)\n2. Configuration file\n3. 
Default values (lowest priority)\n\n#### Configuration File Locations\n\nThe application searches for `ldapPubKeyReader.json` in these directories:\n```\n/etc/ssh/ldapPubKeyReader.json\n/etc/ldapPubKeyReader.json\n./ldapPubKeyReader.json (relative to binary location)\n```\n\nYou can also specify additional config paths as command line arguments.\n\n#### Configuration Format\n\n```json\n{\n    \"ldap_server\": {\n        \"url\": \"ldaps://ldap.example.com:636\",\n        \"bind_dn\": \"cn=readonly,dc=example,dc=com\",\n        \"bind_password\": \"password\",\n        \"connection_timeout\": \"10s\",\n        \"search_timeout\": \"30s\",\n        \"max_retries\": 3,\n        \"retry_delay\": \"1s\"\n    },\n    \"base_dn\": \"ou=People,dc=example,dc=com\",\n    \"public_key_attribute\": \"sshPublicKey\",\n    \"user_attribute\": \"uid\",\n    \"search_filter\": \"(%s=%s)\",\n    \"tls\": {\n        \"insecure_skip_verify\": false,\n        \"cert_file\": \"/path/to/client.crt\",\n        \"key_file\": \"/path/to/client.key\",\n        \"ca_file\": \"/path/to/ca.crt\"\n    },\n    \"debug\": false\n}\n```\n\n#### Environment Variables\n\nAll configuration options can be set via environment variables with the `LDAP_SSH_` prefix:\n\n```bash\nexport LDAP_SSH_LDAP_SERVER_URL=\"ldaps://ldap.example.com:636\"\nexport LDAP_SSH_BASE_DN=\"ou=People,dc=example,dc=com\"\nexport LDAP_SSH_LDAP_SERVER_BIND_DN=\"cn=readonly,dc=example,dc=com\"\nexport LDAP_SSH_LDAP_SERVER_BIND_PASSWORD=\"password\"\nexport LDAP_SSH_DEBUG=\"true\"\n```\n\n#### Configuration Options\n\n| Option | Description | Default | Required |\n|--------|-------------|---------|----------|\n| `ldap_server.url` | LDAP server URL | - | Yes |\n| `ldap_server.bind_dn` | Bind DN for authentication | - | No |\n| `ldap_server.bind_password` | Bind password | - | No |\n| `ldap_server.connection_timeout` | Connection timeout | 10s | No |\n| `ldap_server.search_timeout` | Search timeout | 30s | No |\n| 
`ldap_server.max_retries` | Max connection retries | 3 | No |\n| `ldap_server.retry_delay` | Delay between retries | 1s | No |\n| `base_dn` | LDAP search base DN | - | Yes |\n| `public_key_attribute` | SSH public key attribute | sshPublicKey | No |\n| `user_attribute` | User identifier attribute | uid | No |\n| `search_filter` | LDAP search filter template | (%s=%s) | No |\n| `tls.insecure_skip_verify` | Skip TLS certificate verification | false | No |\n| `tls.cert_file` | Client certificate file | - | No |\n| `tls.key_file` | Client private key file | - | No |\n| `tls.ca_file` | CA certificate file | - | No |\n| `debug` | Enable debug output | false | No |\n\n#### Timeout Configuration Examples\n\n```bash\n# Set a very short connection timeout (useful for testing)\nexport LDAP_SSH_LDAP_SERVER_CONNECTION_TIMEOUT=\"2s\"\n\n# Set a longer search timeout for slow LDAP servers\nexport LDAP_SSH_LDAP_SERVER_SEARCH_TIMEOUT=\"60s\"\n\n# Disable retries (set max_retries to 0)\nexport LDAP_SSH_LDAP_SERVER_MAX_RETRIES=\"0\"\n\n# Quick retry with minimal delay\nexport LDAP_SSH_LDAP_SERVER_RETRY_DELAY=\"100ms\"\n```\n\n**Timeout Format**: Use Go duration format: `10s`, `1m30s`, `500ms`, `2h`, etc.\n\n### Usage\n\n```bash\nldapPubKeyReader \u003cusername\u003e [config-path...]\n\n# Examples:\nldapPubKeyReader john.doe\nldapPubKeyReader john.doe /custom/config/path\nLDAP_SSH_DEBUG=true ldapPubKeyReader john.doe\n```\n\n#### Arguments\n\n- `username`: LDAP username to search for SSH public keys\n- `config-path`: Optional additional configuration search paths\n\n#### Security Features\n\n- **LDAP Injection Protection**: Input sanitization prevents LDAP injection attacks\n- **Connection Retry Logic**: Automatic retry with configurable delays and max attempts\n- **Comprehensive Timeout Controls**: \n  - Connection timeout for establishing LDAP connections\n  - Search timeout for LDAP query operations\n  - Network-level timeout via custom dialer\n  - Per-operation timeout on LDAP 
connection\n- **TLS Support**: Full TLS configuration including custom certificates\n- **Bind Authentication**: Support for authenticated LDAP connections\n\n#### Error Codes\n\n- `0`: Success\n- `1`: Configuration error or missing arguments\n- `2`: LDAP search error \n\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fozgurcd%2Fldapsshpubkeyreader","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fozgurcd%2Fldapsshpubkeyreader","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fozgurcd%2Fldapsshpubkeyreader/lists"}