LDAP intermediate API for ProxmoxAAS
ProxmoxAAS LDAP - Simple REST API for LDAP
ProxmoxAAS LDAP provides a simple API for managing users and groups in a simplified LDAP server. Expected LDAP configuration can be initialized using open-ldap-setup.
Installation
Prerequisites
- Initialized LDAP server with the following configuration
  - Structure
    - Users: ou=people,...
      - objectType: inetOrgPerson
      - At least 1 user which is a member of admin group
    - Groups: ou=groups,...
      - objectType: groupOfNames
      - At least 1 admin group
  - Permissions:
    - Admin group should have write access
    - Users should have write access to own attributes (cn, sn, userPassword)
    - Enable anonymous binding
  - Load MemberOf Policy:
    - olcMemberOfDangling: ignore
    - olcMemberOfRefInt: TRUE
    - olcMemberOfGroupOC: groupOfNames
    - olcMemberOfMemberAD: member
    - olcMemberOfMemberOfAD: memberOf
  - Password Policy and TLS are recommended but not required
Installation
- Download the proxmoxaas-ldap binary and template.config.json file from releases
- Rename template.config.json to config.json and modify:
  - listenPort: port for PAAS-LDAP to bind and listen on
  - ldapURL: URL of the LDAP server, e.g. ldap://ldap.domain.net
  - startTLS: true if backend LDAP supports StartTLS
  - basedn: base DN, e.g. dc=domain,dc=net
  - sessionCookieName: name of the session cookie
  - sessionCookie: specific cookie properties
    - path: cookie path
    - httpOnly: cookie http-only
    - secure: cookie secure
    - maxAge: cookie max-age
- Run the binary
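The following is an added example, not code from the ProxmoxAAS LDAP project: a small Go check that reads a config.json using the keys listed above and reports a cleartext LDAP connection or weak session-cookie flags before the binary is started. The Go field types, the AuditConfig name and both sample documents are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Config holds only the audited keys from config.json; the types are assumed.
type Config struct {
	LdapURL       string `json:"ldapURL"`
	StartTLS      bool   `json:"startTLS"`
	SessionCookie struct {
		HttpOnly bool `json:"httpOnly"`
		Secure   bool `json:"secure"`
	} `json:"sessionCookie"`
}

// Constructed sample inputs, not the project's template.config.json.
const weakSample = `{"listenPort":8080,"ldapURL":"ldap://ldap.domain.net","startTLS":false,"basedn":"dc=domain,dc=net","sessionCookieName":"example_session","sessionCookie":{"path":"/","httpOnly":false,"secure":false,"maxAge":3600}}`
const hardenedSample = `{"listenPort":8080,"ldapURL":"ldap://ldap.domain.net","startTLS":true,"basedn":"dc=domain,dc=net","sessionCookieName":"example_session","sessionCookie":{"path":"/","httpOnly":true,"secure":true,"maxAge":3600}}`

// AuditConfig parses a config.json document and returns hardening findings.
func AuditConfig(raw []byte) ([]string, error) {
	var c Config
	if err := json.Unmarshal(raw, &c); err != nil {
		return nil, fmt.Errorf("config.json is not valid JSON: %w", err)
	}
	var findings []string
	// ldap:// without StartTLS carries bind DNs and passwords unencrypted.
	if strings.HasPrefix(strings.ToLower(c.LdapURL), "ldap://") && !c.StartTLS {
		findings = append(findings, "ldapURL uses ldap:// with startTLS=false: binds are sent in cleartext")
	}
	if !c.SessionCookie.Secure {
		findings = append(findings, "sessionCookie.secure=false: cookie may be sent over plain HTTP")
	}
	if !c.SessionCookie.HttpOnly {
		findings = append(findings, "sessionCookie.httpOnly=false: cookie is readable by page scripts")
	}
	return findings, nil
}

func main() {
	for _, doc := range []string{weakSample, hardenedSample} {
		findings, err := AuditConfig([]byte(doc))
		fmt.Println(len(findings), "finding(s), err =", err)
	}
}
```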
Building and Testing from Source
Building requires the go toolchain. Testing requires the go toolchain, make, and apt. Currently only supports Debian.
Building from Source
- Clone the repository
- Run go get to get requirements
- Run make to build the binary
Testing Source
- Clone the repository
- Run go get to get requirements
- Run make dev-init to install test requirements including openldap (slapd), ldap-utils, debconf-utils
- Run make test to run all tests