Skip to content
/ galp Public

go-auth-ldap-prox: A reverse proxy provides authentication using LDAP and badger

License

Notifications You must be signed in to change notification settings

festum/galp

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

46 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

GALP (go-auth-ldap-proxy)

Travis Go Report Card

A reverse proxy provides authentication using LDAP and extra auth source to validate accounts by email. Inspired by bitly/oauth2_proxy. Many SME using LDAP to manage their employee accounts. Sometimes developer just want to expose internal services and limited access for only employees.

This proxy will going to check accounts credentials from LDAP and extra storage. Then set a JWT token on the domain. Each request will validate this token and pass request with identity to internal service if valid.

Features

  • Expose internal service by reverse proxy
  • Token verification/encryption
  • Auto extend token TTL
  • Pass user identity to internal service
  • LDAP authorization
  • DB authorization with bcrypt.MinCost

Getting Start

  • Generate a key for encryption
cd galp
ssh-keygen -t rsa -b 2048 -f ./galp.key
openssl rsa -in ./galp.key -pubout -outform PEM -out ./galp.key.pub
  • Edit variables
cp .env.sample .env
vim .env
  • Build
go build -o=galp ./cli/main.go
go build -o=galp-server ./main.go
  • Add a new user: ./galp user add user1 password

  • Run server: ./galp-server

  • Internal service can get LDAP user through GALP-UID from request header

Flavor

About

go-auth-ldap-prox: A reverse proxy provides authentication using LDAP and badger

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages