Go-lang LDAP Authentication (GLAuth) is a secure, easy-to-use LDAP server with configurable backends.
- Centrally manage accounts across your infrastructure
- Centrally manage SSH keys, Linux accounts, and passwords for cloud servers.
- Lightweight alternative to OpenLDAP and Active Directory for development, or a homelab.
- Store your user directory in a file, local or in S3; SQL database; or proxy to existing LDAP servers.
- Two Factor Authentication (transparent to applications)
- Multiple backends can be chained to inject features
Use it to centralize account management across your Linux servers, your OSX machines, and your support applications (Jenkins, Apache/Nginx, Graylog2, and many more!).
- Improved performance for SQL backends.
- Embed plugins in single binary.
- Store plugins in single repository.
- Moved from docopt to kong in CLI.
- Bumped Go and dependencies versions.
- Added binary distribution for various architectures of Linux, MacOS and Windows.
- Added Grafana dashboard.
This quickstart is a great way to try out GLAuth in a non-production environment. Be warned that you should take the extra steps to set up SSL (TLS) for production use!
- Download a precompiled binary from the releases page.
- Download the example config file.
- Start the GLAuth server, referencing the path to the desired config file with `-c`.
  - `./glauth64 -c sample-simple.cfg`
- Test with traditional LDAP tools
  - For example: `ldapsearch -LLL -H ldap://localhost:3893 -D cn=serviceuser,ou=svcaccts,dc=glauth,dc=com -w mysecret -x -bdc=glauth,dc=com cn=hackers`
You can use the Helm chart. It has:
- Support of PostgresOperator for database creation and secret management.
and more.
GLAuth has a Grafana dashboard that can be used to monitor the server.
- Download the dashboard.
- Import the dashboard into Grafana.
- Configure the data source to point to the GLAuth server.
Note - makefile uses git data to inject build-time variables. For best results, run in the context of the git repo.
The original version of GLAuth's documentation is available at https://glauth.github.io/
Get started in three short steps
```
glauth: securely expose your LDAP for external auth

Usage:
  glauth [options] -c <file|s3url>
  glauth -h --help
  glauth --version

Options:
  -c, --config <file>       Config file.
  -K <aws_key_id>           AWS Key ID.
  -S <aws_secret_key>       AWS Secret Key.
  -r <aws_region>           AWS Region [default: us-east-1].
  --ldap <address>          Listen address for the LDAP server.
  --ldaps <address>         Listen address for the LDAPS server.
  --ldaps-cert <cert-file>  Path to cert file for the LDAPS server.
  --ldaps-key <key-file>    Path to key file for the LDAPS server.
  -h, --help                Show this screen.
  --version                 Show version.
```
GLAuth can be deployed as a single server using only a local configuration file. This is great for testing, or for production if you use a tool like Puppet/Chef/Ansible:
```
glauth -c glauth.cfg
```

Here's a sample config with hardcoded users and groups:
```toml
[backend]
  datastore = "config"
  baseDN = "dc=glauth,dc=com"

[[users]]
  name = "hackers"
  uidnumber = 5001
  primarygroup = 5501
  passsha256 = "6478579e37aff45f013e14eeb30b3cc56c72ccdc310123bcdf53e0333e3f416a" # dogood
  sshkeys = [ "ssh-dss AAAAB3..." ]

[[users]]
  name = "uberhackers"
  uidnumber = 5006
  primarygroup = 5501
  passbcrypt = "243261243130244B62463462656F7265504F762E794F324957746D656541326B4B46596275674A79336A476845764B616D65446169784E41384F4432" # dogood

[[groups]]
  name = "superheros"
  gidnumber = 5501
```

More configuration options are documented here and in this sample file.
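The two credential fields in the sample config are not equally strong, and a config file kept in Git or S3 is worth linting for that. The following is an added example, not part of GLAuth or its documentation: a small audit of `passsha256` and `passbcrypt` values. It assumes `passsha256` holds the hex SHA-256 of the password with no salt and `passbcrypt` holds a hex-encoded bcrypt string; `audit` and `MIN_BCRYPT_COST` are hypothetical names, and the cost floor is an assumed policy value.

```python
import re

# Constructed input: the two users from the sample config above, other fields omitted.
SAMPLE_CFG = '''
[[users]]
name = "hackers"
passsha256 = "6478579e37aff45f013e14eeb30b3cc56c72ccdc310123bcdf53e0333e3f416a" # dogood
[[users]]
name = "uberhackers"
passbcrypt = "243261243130244B62463462656F7265504F762E794F324957746D656541326B4B46596275674A79336A476845764B616D65446169784E41384F4432" # dogood
'''

MIN_BCRYPT_COST = 10  # assumed policy floor, not a GLAuth setting
FIELD = re.compile(r'^\s*(name|passsha256|passbcrypt)\s*=\s*"([^"]*)"')
BCRYPT = re.compile(r'^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$')

def audit(cfg_text):
    """Return (user, severity, message) for every password field found."""
    findings, user = [], None
    for line in cfg_text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "name":
            user = value  # remember which entry the next hash belongs to
        elif key == "passsha256":
            ok = re.fullmatch(r"[0-9a-fA-F]{64}", value)
            msg = "unsalted SHA-256; migrate to passbcrypt" if ok else "not 64 hex chars"
            findings.append((user, "warn" if ok else "error", msg))
        else:  # passbcrypt: the bcrypt string is itself hex-encoded
            try:
                decoded = bytes.fromhex(value).decode("ascii")
            except ValueError:  # bad hex or non-ASCII bytes
                findings.append((user, "error", "passbcrypt is not hex-encoded ASCII"))
                continue
            b = BCRYPT.match(decoded)
            if not b:
                findings.append((user, "error", "decoded value is not a bcrypt hash"))
            elif int(b.group(1)) < MIN_BCRYPT_COST:
                findings.append((user, "warn", f"bcrypt cost {b.group(1)} below {MIN_BCRYPT_COST}"))
            else:
                findings.append((user, "ok", f"bcrypt cost {b.group(1)}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CFG):
        print(*finding)
```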
GLAuth can use a local file, S3 or an existing LDAP infrastructure and also supports SQL databases.
- Config file
- S3
- Postgres
- MySQL
- SQLite
- LDAP
- PAM
```toml
[backend]
  datastore = "ldap"
  servers = [ "ldaps://server1:636", "ldaps://server2:636" ]
```

For more information, see CONTRIBUTING.md.
GLAuth is licensed under the GNU Affero General Public License v3.0 and as commercial software. For commercial licensing, please contact us at [email protected].