mirror of
https://github.com/lldap/lldap.git
synced 2024-11-25 09:06:03 +00:00
README: Add more details and a screenshot
This commit is contained in:
parent
3df3a96d46
commit
a43364a70f
3 changed files with 27 additions and 6 deletions
|
@ -19,3 +19,4 @@ lldap_config.toml
|
||||||
server_key
|
server_key
|
||||||
users.db*
|
users.db*
|
||||||
.gitignore
|
.gitignore
|
||||||
|
screenshot.png
|
||||||
|
|
32
README.md
32
README.md
|
@ -1,12 +1,17 @@
|
||||||
# lldap - Light LDAP implementation for authentication
|
# lldap - Light LDAP implementation for authentication
|
||||||
|
|
||||||
WARNING: This project is still WIP, it's still missing core functionality. For
|
WARNING: This project is still in alpha, with the basic core functionality
|
||||||
updates, follow [@nitnelave1](https://twitter.com/nitnelave1).
|
implemented but still very rough. For updates, follow
|
||||||
|
[@nitnelave1](https://twitter.com/nitnelave1) or join our [Discord
|
||||||
|
server](https://discord.gg/h5PEdRMNyP)!
|
||||||
|
|
||||||
|
|
||||||
This project is an lightweight authentication server that provides an
|
This project is an lightweight authentication server that provides an
|
||||||
opinionated, simplified LDAP interface for authentication: clients that can
|
opinionated, simplified LDAP interface for authentication: clients that can
|
||||||
only speak LDAP protocol can talk to it and use it as an authentication server.
|
only speak LDAP protocol can talk to it and use it as an authentication server.
|
||||||
|
|
||||||
|
![Screenshot of the user list page](screenshot.png)
|
||||||
|
|
||||||
The goal is _not_ to provide a full LDAP server; if you're interested in that,
|
The goal is _not_ to provide a full LDAP server; if you're interested in that,
|
||||||
check out OpenLDAP. This server is made to be:
|
check out OpenLDAP. This server is made to be:
|
||||||
* simple to setup (no messing around with `slapd`)
|
* simple to setup (no messing around with `slapd`)
|
||||||
|
@ -20,12 +25,13 @@ authentication.
|
||||||
|
|
||||||
## Architecture
|
## Architecture
|
||||||
|
|
||||||
The server is entirely written in Rust, using [actix](https://actix.rs) and
|
The server is entirely written in Rust, using [actix](https://actix.rs) for the
|
||||||
[yew](https://yew.rs) for the frontend.
|
backend and [yew](https://yew.rs) for the frontend.
|
||||||
|
|
||||||
Backend:
|
Backend:
|
||||||
* Listens on a port for LDAP protocol.
|
* Listens on a port for LDAP protocol.
|
||||||
* Only a small, read-only subset of the LDAP protocol is supported.
|
* Only a small, read-only subset of the LDAP protocol is supported.
|
||||||
|
* An extension to allow resetting the password through LDAP will be added.
|
||||||
* Listens on another port for HTTP traffic.
|
* Listens on another port for HTTP traffic.
|
||||||
* The authentication API, based on JWTs, is under "/auth".
|
* The authentication API, based on JWTs, is under "/auth".
|
||||||
* The user management API is a GraphQL API under "/api/graphql". The schema
|
* The user management API is a GraphQL API under "/api/graphql". The schema
|
||||||
|
@ -54,6 +60,9 @@ Data storage:
|
||||||
interface between front and back-end. In particular, it contains the OPAQUE
|
interface between front and back-end. In particular, it contains the OPAQUE
|
||||||
structures and the JWT format.
|
structures and the JWT format.
|
||||||
* `app/`: The frontend.
|
* `app/`: The frontend.
|
||||||
|
* `src/components`: The elements containing the business and display logic of
|
||||||
|
the various pages and their components.
|
||||||
|
* `src/infra`: Various tools and utilities.
|
||||||
* `server/`: The backend.
|
* `server/`: The backend.
|
||||||
* `src/domain/`: Domain-specific logic: users, groups, checking passwords...
|
* `src/domain/`: Domain-specific logic: users, groups, checking passwords...
|
||||||
* `src/infra/`: API, both GraphQL and LDAP
|
* `src/infra/`: API, both GraphQL and LDAP
|
||||||
|
@ -67,7 +76,13 @@ storage. They are hashed using a secret provided in the configuration (which
|
||||||
can be given as environment variable or command line argument as well): this
|
can be given as environment variable or command line argument as well): this
|
||||||
should be kept secret and shouldn't change (it would invalidate all passwords).
|
should be kept secret and shouldn't change (it would invalidate all passwords).
|
||||||
|
|
||||||
TODO: Add client-side password hashing.
|
Authentication is done via the OPAQUE protocol, meaning that the passwords are
|
||||||
|
never sent to the server, but instead the client proves that they know the
|
||||||
|
correct password (zero-knowledge proof). This is likely overkill, especially
|
||||||
|
considered that the LDAP interface requires sending the password to the server,
|
||||||
|
but it's one less potential flaw (especially since the LDAP interface can be
|
||||||
|
restricted to an internal docker-only network while the web app is exposed to
|
||||||
|
the Internet).
|
||||||
|
|
||||||
### JWTs and refresh tokens
|
### JWTs and refresh tokens
|
||||||
|
|
||||||
|
@ -99,7 +114,12 @@ Contributions are welcome! Just fork and open a PR. Or just file a bug.
|
||||||
We don't have a code of conduct, just be respectful and remember that it's just
|
We don't have a code of conduct, just be respectful and remember that it's just
|
||||||
normal people doing this for free on their free time.
|
normal people doing this for free on their free time.
|
||||||
|
|
||||||
Make sure that you run `cargo fmt` from the root before creating the PR.
|
Make sure that you run `cargo fmt` from the root before creating the PR. And if
|
||||||
|
you change the GraphQL interface, you'll need to regenerate the schema by
|
||||||
|
running `./export_schema.sh`.
|
||||||
|
|
||||||
|
Join our [Discord server](https://discord.gg/h5PEdRMNyP) if you have any
|
||||||
|
questions!
|
||||||
|
|
||||||
### Setup
|
### Setup
|
||||||
|
|
||||||
|
|
BIN
screenshot.png
Normal file
BIN
screenshot.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 47 KiB |
Loading…
Reference in a new issue