
cloud-native LDAP web management interface.

Primary language: Go. License: MIT.

ldap-manager


LDAP Manager is the cloud-native LDAP web management interface. LDAP has been around for a long time and has become a popular choice for user and group management. However, that should not mean that its management interface has to be hard to deploy or look and feel like it was made in the last century.

LDAP Manager is written in Go and comes with a Vue/TypeScript frontend in a single, self-contained Docker container. It also exposes its API over both REST and gRPC!

Before you get started, make sure you have an OpenLDAP server like osixia/openldap running. For more information on deployment and a full example, see the deployment guide.

go install github.com/romnn/ldap-manager/cmd/ldap-manager
ldap-manager serve --generate
go run github.com/romnn/ldap-manager/cmd/ldap-manager serve --generate --http-port 8090

You can also download pre-built binaries from the releases page, or use the docker image:

docker run -p 8080:80 -p 9090:9090 romnn/ldap-manager --generate

For a list of options, run with --help. If you want to deploy OpenLDAP with LDAP Manager, read along.

Deployment

helm dependency update deployment/helm/charts/ldapmanager/
docker-compose
COMPOSE_DOCKER_CLI_BUILD=1 DOCKER_BUILDKIT=1 docker-compose -f deployment/docker-compose.yml up
Helm

TODO

Known bugs
Fixed bugs
  • when creating new groups, errors are not properly passed through
  • when creating new group, cannot add initial members
  • removing groups in edit user does not do anything (no errors)
  • errors when removing from group in user edit page break layout
  • memberof does not respect the initial admin user for both users and admins groups
Considerations
  • Serving the frontend externally: If you have a cluster environment and want to scale the ldap-manager container individually or use a more performant static content server like nginx, you can disable serving static content using the --no-static (NO_STATIC) flag.

Development

Tools

Before you get started, make sure you have installed the following tools:

$ python3 -m pip install pre-commit bump2version invoke
$ go install github.com/kyoh86/richgo@latest
$ go install golang.org/x/tools/cmd/goimports@latest
$ go install golang.org/x/lint/golint@latest
$ go install github.com/fzipp/gocyclo/cmd/gocyclo@latest

Please always make sure code checks pass:

inv pre-commit

Compiling proto sources

If you want to (re-)compile the gRPC service and gateway .proto source files, you will need:

  • protoc
  • protoc-gen-go
  • protoc-gen-go-grpc
  • protoc-gen-grpc-gateway
  • protoc-gen-openapiv2
apt install -y protobuf-compiler
brew install protobuf

go install google.golang.org/protobuf/cmd/protoc-gen-go@latest
go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@latest
go install github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-grpc-gateway@latest
go install github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2@latest

To compile the protos, you can use the provided script:

inv compile-proto

Generate screenshots

cd deployment/screenshot
yarn install --dev
yarn run screenshot

TODO

  • v2

    • refactor to use manual ldap search only where necessary

    • use an interface for the main functions of the manager in GRPC server

    • point out that the goal is user management only

    • documentation

  • nice to have

    • test the grpc and http servers as well

    • Implement CLI interface

      • new acc
      • change password
      • add group
      • add member to group
      • list users
      • verify?
  • done

    • refactor in general
    • add integration test with harbor
    • fix the docker container
    • fix the frontend
    • binds should always open new connections
    • function that opens a new connection
    • add a simple connection pool
    • fix nil pointer errors
    • decide what goes into pkg and what goes into internal
    • add tests for each file in pkg
    • Implement missing password hashing algorithms
    • Embed crypt(3) as vendored?
    • Fix flaky tests using fuzzy testing and check slappasswd source
    • add pagination
    • get rid of the password hashing mess
    • decide on a consistent naming (user vs account)
    • split into more files
    • update dependencies
    • fix issues and use new api for grpc and http without a base
    • add images to the readme