{"id":21660782,"url":"https://github.com/schorschii/laps4linux","last_synced_at":"2025-04-11T22:42:51.858Z","repository":{"id":38441118,"uuid":"362510094","full_name":"schorschii/LAPS4LINUX","owner":"schorschii","description":"Local Administrator Password Solution (LAPS) - implementation for Linux, macOS and Windows with additional features","archived":false,"fork":false,"pushed_at":"2024-04-25T17:52:08.000Z","size":4058,"stargazers_count":46,"open_issues_count":1,"forks_count":16,"subscribers_count":7,"default_branch":"master","last_synced_at":"2024-05-01T16:22:47.027Z","etag":null,"topics":["active-directory","ad","administrator","laps","linux","password"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/schorschii.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["schorschii"],"liberapay":"schorschii","custom":["https://www.paypal.me/schorschii"]}},"created_at":"2021-04-28T15:01:42.000Z","updated_at":"2024-06-14T13:20:14.067Z","dependencies_parsed_at":"2024-01-10T19:44:04.783Z","dependency_job_id":"408953f7-ce4f-46cf-9534-7edeb25b4954","html_url":"https://github.com/schorschii/LAPS4LINUX","commit_stats":null,"previous_names":[],"tags_count":20,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/schorschii%2FLAPS4LINUX","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/schorschii%2FLAPS4LINUX/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/schorschii%2FLAPS4LINUX/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/schorschii%2FLAPS4LINUX/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/schorschii","download_url":"https://codeload.github.com/schorschii/LAPS4LINUX/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248492993,"owners_count":21113159,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["active-directory","ad","administrator","laps","linux","password"],"created_at":"2024-11-25T09:38:43.580Z","updated_at":"2025-04-11T22:42:51.845Z","avatar_url":"https://github.com/schorschii.png","language":"Python","readme":"\u003cimg align=\"right\" style=\"width:180px\" src=\"assets/laps.png\"\u003e\n\n# LAPS4LINUX\nLinux and macOS implementation of the Local Administrator Password Solution (LAPS) from Microsoft.\n\nLAPS is a system which periodically changes local admin passwords on domain computers and stores them (encrypted) in the LDAP directory (i.e. Active Directory), where domain administrators can decrypt and view them. This ensures that people who leave the company do not have access to local admin accounts anymore and that every local admin has a strong unique password set.\n\n## Client\nThe management client enables administrators to view the current (decrypted) local admin passwords. It can be used from command line or as graphical application.\n\nThe client is also executable under Windows and provides an improved UI compared with the original tools from Microsoft and additional features (e.g. display additional LDAP values, directly start remote connections and it can be called with `laps://` protocol scheme parameter to directly start search).\n\nRead [README.md in the laps-client dir](laps-client/) for more information.\n\n## Runner\nThe runner is responsible for periodically rotating the admin password of a Linux client and updating it in the LDAP directory.\n\nRead [README.md in the laps-runner dir](laps-runner/) for more information.\n\n## Support for both Legacy and Native LAPS\nMicrosoft introducted the new \"Native LAPS\" in 2023. In contrast to Legacy LAPS, the new version uses different LDAP attributes and has the option to store the password encrypted in the LDAP directory. LAPS4LINUX supports both versions out-of-the-box. The client will search for a password in the following order: Native LAPS encrypted, Native LAPS unencrypted, Legacy LAPS (unencrypted).\n\nThe runner can operate in Legacy or Native mode by switching the setting `native-laps` to `true` or `false`. In Native mode, the runner stores the password and username as JSON string in the LDAP attribute, as defined by Microsoft. In addition to that, when in Native mode, you can set `security-descriptor` to a valid SID in your domain and the runner will encrypt the password for this user/group. Please note: only SID security descriptors are supported (e.g. `S-1-5-21-2185496602-3367037166-1388177638-1103`), do not use group names (`DOMAIN\\groupname`). If you enable encryption, you should also change `ldap-attribute-password` to `msLAPS-EncryptedPassword` to store the encrypted password in the designated LDAP attribute for compatibility with other Tools. Please have a look at the runner section below for more information.\n\nFor de-/encryption, the Python [dpapi-ng library](https://github.com/jborean93/dpapi-ng) is used.\n\n## More Information\n- [LAPS4LINUX 💘 OpenLDAP](docs/OpenLDAP.md)\n","funding_links":["https://github.com/sponsors/schorschii","https://liberapay.com/schorschii","https://www.paypal.me/schorschii"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fschorschii%2Flaps4linux","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fschorschii%2Flaps4linux","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fschorschii%2Flaps4linux/lists"}