Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/glauth/glauth
A lightweight LDAP server for development, home use, or CI
https://github.com/glauth/glauth
developer-tools go golang ldap ldap-server security
Last synced: 3 days ago
JSON representation
A lightweight LDAP server for development, home use, or CI
- Host: GitHub
- URL: https://github.com/glauth/glauth
- Owner: glauth
- License: mit
- Created: 2018-04-25T00:20:14.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2024-12-03T07:05:38.000Z (10 days ago)
- Last Synced: 2024-12-03T10:03:48.107Z (10 days ago)
- Topics: developer-tools, go, golang, ldap, ldap-server, security
- Language: Go
- Homepage:
- Size: 8.87 MB
- Stars: 2,469
- Watchers: 30
- Forks: 218
- Open Issues: 84
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- go-awesome - GLAuth - LDAP server (Open source library / The Internet)
- awesome-golang-repositories - glauth
- awesome-ops - glauth/glauth - 04-25|2024-10-05 | 基于 golang 实现的类 ldap 功能的系统,支持本地,S3,原有 ldap,以及 MySQL 等存储方式。使用习惯上与 ldap 略有差异 | (OpenLDAP)
- my-awesome - glauth/glauth - tools,go,golang,ldap,ldap-server,security pushed_at:2024-12 star:2.5k fork:0.2k A lightweight LDAP server for development, home use, or CI (Go)
- awesome-starred - glauth/glauth - A lightweight LDAP server for development, home use, or CI (security)
README
# GLAuth: LDAP authentication server for developers
Go-lang LDAP Authentication (GLAuth) is a secure, easy-to-use, LDAP server w/ configurable backends.
[](https://gitter.im/glauth/community?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
[](hey)
* Centrally manage accounts across your infrastructure
* Centrally manage SSH keys, Linux accounts, and passwords for cloud servers.
* Lightweight alternative to OpenLDAP and Active Directory for development, or a homelab.
* Store your user directory in a file, local or in S3; SQL database; or proxy to existing LDAP servers.
* Two Factor Authentication (transparent to applications)
* Multiple backends can be chained to inject features
Use it to centralize account management across your Linux servers, your OSX machines, and your support applications (Jenkins, Apache/Nginx, Graylog2, and many more!).
### Contributing
- Please base all Pull Requests on [dev](https://github.com/glauth/glauth/tree/dev), not master.
- Format your code autonmatically using `gofmt -d ./` before committing
### Quickstart
This quickstart is a great way to try out GLAuth in a non-production environment. *Be warned that you should take the extra steps to setup SSL (TLS) for production use!*
1. Download a precompiled binary from the [releases](https://github.com/glauth/glauth/releases) page.
2. Download the [example config file](https://github.com/glauth/glauth/blob/master/v2/sample-simple.cfg).
3. Start the GLAuth server, referencing the path to the desired config file with `-c`.
- `./glauth64 -c sample-simple.cfg`
4. Test with traditional LDAP tools
- For example: `ldapsearch -LLL -H ldap://localhost:3893 -D cn=serviceuser,ou=svcaccts,dc=glauth,dc=com -w mysecret -x -bdc=glauth,dc=com cn=hackers`
### Make Commands
Note - makefile uses git data to inject build-time variables. For best results, run in the context of the git repo.
### Documentation
:point_right: The latest version of GLauth's documentation is available at https://glauth.github.io/ :point_left:
### Quickstart
Get started in three short [steps](https://glauth.github.io/docs/quickstart.html)
### Usage:
```
glauth: securely expose your LDAP for external auth
Usage:
glauth [options] -c
glauth -h --help
glauth --version
Options:
-c, --config Config file.
-K AWS Key ID.
-S AWS Secret Key.
-r AWS Region [default: us-east-1].
--ldap
Listen address for the LDAP server.
--ldaps Listen address for the LDAPS server.
--ldaps-cert Path to cert file for the LDAPS server.
--ldaps-key Path to key file for the LDAPS server.
-h, --help Show this screen.
--version Show version.
```
### Configuration:
GLAuth can be deployed as a single server using only a local configuration file. This is great for testing, or for production if you use a tool like Puppet/Chef/Ansible:
```unix
glauth -c glauth.cfg
```
Here's a sample config wth hardcoded users and groups:
```toml
[backend]
datastore = "config"
baseDN = "dc=glauth,dc=com"
[[users]]
name = "hackers"
uidnumber = 5001
primarygroup = 5501
passsha256 = "6478579e37aff45f013e14eeb30b3cc56c72ccdc310123bcdf53e0333e3f416a" # dogood
sshkeys = [ "ssh-dss AAAAB3..." ]
[[users]]
name = "uberhackers"
uidnumber = 5006
primarygroup = 5501
passbcrypt = "243261243130244B62463462656F7265504F762E794F324957746D656541326B4B46596275674A79336A476845764B616D65446169784E41384F4432" # dogood
[[groups]]
name = "superheros"
gidnumber = 5501
```
More configuration options are documented [here](https://glauth.github.io/docs/file.html) and in this [sample file](https://github.com/glauth/glauth/blob/master/v2/sample-simple.cfg)
### Backends:
For advanced users, GLAuth supports pluggable backends. Currently, it can use a local file, S3 or an existing LDAP infrastructure. Through the use of optional plugins, you can connect SQL databases, PAM, and other datastores.
```toml
[backend]
datastore = "ldap"
servers = [ "ldaps://server1:636", "ldaps://server2:636" ]
```
# Stargazers over time
[](https://starchart.cc/glauth/glauth)