Name: glauth
Author: glauth

Primary Use Case

GLAuth is primarily used to centralize user account management, SSH keys, and passwords across various infrastructure components such as Linux servers, OSX machines, and support applications like Jenkins or Apache. It is ideal for developers, system administrators, and homelab enthusiasts who need a lightweight alternative to full LDAP solutions like OpenLDAP or Active Directory, especially in non-production or small-scale environments.

Key Features

Lightweight LDAP server implemented in Go

Supports multiple configurable backends including file, S3, SQL, or LDAP proxy

Centralized management of accounts, SSH keys, and passwords

Two Factor Authentication support transparent to applications

Ability to chain multiple backends to extend features

Suitable for development, home use, or CI environments

Supports secure LDAP (LDAPS) with TLS configuration

Precompiled binaries and Docker images available

Insights & Recommendations

For production use, it is critical to configure SSL/TLS to secure LDAP traffic. GLAuth supports multiple backends and chaining, allowing flexible deployment architectures. Users should base pull requests on the 'dev' branch and format code using 'gofmt'. While suitable for lightweight and development environments, it may not replace full-featured enterprise LDAP solutions in large-scale deployments.

Installation

Download a precompiled binary from the releases page
Download the example configuration file from the repository
Start the GLAuth server with the config file using `./glauth64 -c sample-simple.cfg`
For production, configure SSL/TLS certificates for secure LDAPS
Optionally, use configuration management tools like Puppet, Chef, or Ansible for deployment

Usage

./glauth64 -c sample-simple.cfg

Starts the GLAuth server using the specified configuration file

ldapsearch -LLL -H ldap://localhost:3893 -D cn=serviceuser,ou=svcaccts,dc=glauth,dc=com -w mysecret -x -bdc=glauth,dc=com cn=hackers

Tests the LDAP server with a search query for a user entry

glauth -c <file|s3url>

Run GLAuth with a local config file or S3 URL configuration

--ldap <address>

Specify the listen address for the LDAP server

--ldaps <address>

Specify the listen address for the LDAPS (secure LDAP) server

--ldaps-cert <cert-file>

Path to the TLS certificate file for LDAPS

--ldaps-key <key-file>

Path to the TLS key file for LDAPS

-K <aws_key_id> -S <aws_secret_key> -r <aws_region>

Provide AWS credentials and region for S3 backend configuration

Smart Usage Notes

Integrate GLAuth into CI pipelines to centrally manage test environment credentials securely.Use GLAuth’s two-factor authentication support to enhance protection of development and staging environments.Chain multiple backends to create hybrid authentication systems combining local and cloud-based identity stores.Deploy GLAuth in homelab or small office environments to simulate enterprise IAM for purple team exercises.Combine GLAuth with monitoring tools to detect anomalous authentication patterns for early threat detection.

OpenSec Atlas

glauth

About This Tool

Primary Use Case

Key Features

Insights & Recommendations

Installation

Usage

Smart Usage Notes

Security Capability Profile

Tags

You Might Also Like