GLAuth: LDAP authentication server for developers

Go-lang LDAP Authentication (GLAuth) is a secure, easy-to-use, LDAP server w/ configurable backends.

GitHub all releases Docker pulls

GitHub last commit (branch) Code Climate maintainability

Centrally manage accounts across your infrastructure
Centrally manage SSH keys, Linux accounts, and passwords for cloud servers.
Lightweight alternative to OpenLDAP and Active Directory for development, or a homelab.
Store your user directory in a file, local or in S3; SQL database; or proxy to existing LDAP servers.
Two Factor Authentication (transparent to applications)
Multiple backends can be chained to inject features

Use it to centralize account management across your Linux servers, your OSX machines, and your support applications (Jenkins, Apache/Nginx, Graylog2, and many more!).

Documentation

👉 The latest version of GLauth's documentation is available at https://glauth.github.io/ 👈

Quickstart

Get started in three short steps

Usage:

glauth: securely expose your LDAP for external auth

Usage:
  glauth [options] -c <file|s3url>
  glauth -h --help
  glauth --version

Options:
  -c, --config <file>       Config file.
  -K <aws_key_id>           AWS Key ID.
  -S <aws_secret_key>       AWS Secret Key.
  -r <aws_region>           AWS Region [default: us-east-1].
  --ldap <address>          Listen address for the LDAP server.
  --ldaps <address>         Listen address for the LDAPS server.
  --ldaps-cert <cert-file>  Path to cert file for the LDAPS server.
  --ldaps-key <key-file>    Path to key file for the LDAPS server.
  -h, --help                Show this screen.
  --version                 Show version.

Configuration:

GLAuth can be deployed as a single server using only a local configuration file. This is great for testing, or for production if you use a tool like Puppet/Chef/Ansible:

glauth -c glauth.cfg

Here's a sample config wth hardcoded users and groups:

[backend]
  datastore = "config"
  baseDN = "dc=glauth,dc=com"
[[users]]
  name = "hackers"
  uidnumber = 5001
  primarygroup = 5501
  passsha256 = "6478579e37aff45f013e14eeb30b3cc56c72ccdc310123bcdf53e0333e3f416a"   # dogood
  sshkeys = [ "ssh-dss AAAAB3..." ]
[[users]]
  name = "uberhackers"
  uidnumber = 5006
  primarygroup = 5501
  passbcrypt = "243261243130244B62463462656F7265504F762E794F324957746D656541326B4B46596275674A79336A476845764B616D65446169784E41384F4432"   # dogood
[[groups]]
  name = "superheros"
  gidnumber = 5501

More configuration options are documented here and in this sample file

Backends:

For advanced users, GLAuth supports pluggable backends. Currently, it can use a local file, S3 or an existing LDAP infrastructure. Through the use of optional plugins, you can connect SQL databases, PAM, and other datastores.

[backend]
  datastore = "ldap"
  servers = [ "ldaps://server1:636", "ldaps://server2:636" ]

Project Name	Stars	Packages Using This	Most Recent Commit	Total Releases	Latest Release	Open Issues	License	Language
Glauth	1,929	3	2 months ago	20	February 28, 2022	63	mit	Go
A lightweight LDAP server for development, home use, or CI
Rogue Jndi	769		a year ago			7	mit	Java
A malicious LDAP server for JNDI injection attacks
Nginx Auth Ldap	706		6 months ago			149	bsd-2-clause	C
LDAP authentication module for nginx
Yacy_webclient_authentication	669		8 years ago				apache-2.0	PHP
Authentication layer for a YaCy webclient
Nginx Ldap Auth	640		3 months ago			26	bsd-2-clause	Python
Example of LDAP authentication using ngx_http_auth_request_module
Ssh Key Authority	385		a year ago			17	apache-2.0	PHP
A tool for managing SSH key access to any number of servers.
Ccs Calendarserver	363		3 years ago			53	apache-2.0	Python
The Calendar and Contacts Server.
Shadowd	361		5 years ago			2		Go
Secure login distribution service
Mattermost Ldap	308		2 months ago			33	mit	PHP
This module provides an external LDAP authentication in Mattermost for the Team Edition (free).
Netsus	295		2 years ago			36		PHP
NetBoot and Software Update Server

Glauth