8000 GitHub - virtualfabric/apricot: An OpenID Connect LDAP proxy
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

virtualfabric/apricot

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

105 Commits
.github/workflows
.github/workflows
 
 
apricot
apricot
 
 
docker
docker
 
 
.gitignore
.gitignore
 
 
.markdownlint.json
.markdownlint.json
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pyproject.toml
< A1BF /div>
pyproject.toml
 
 
run.py
run.py
 
 

Repository files navigation

Apricot

Apricot is a proxy for delegating LDAP requests to an OpenID Connect backend. The name is a slightly tortured acronym for: LDAP proxy for OpenID Connect.

Usage

Start the Apricot server on port 1389 by running:

python run.py --client-id "<your client ID>" --client-secret "<your client secret>" --backend "<your backend>" --port 1389 --domain "<your domain name>" --redis-host "<your Redis server>"

Alternatively, you can run in Docker by editing docker/docker-compose.yaml and running:

docker compose up

from the docker directory.

Using Redis [Optional]

You can use a Redis server to store generated uidNumber and gidNumber values in a more persistent way. To do this, you will need to provide the --redis-host and --redis-port arguments to run.py.

Outputs

This will create an LDAP tree that looks like this:

dn: DC=<your domain>
objectClass: dcObject

dn: OU=users,DC=<your domain>
objectClass: organizationalUnit
ou: users

dn: OU=groups,DC=<your domain>
objectClass: organizationalUnit
ou: groups

Each user will have an entry like

dn: CN=<user name>,OU=users,DC=<your domain>
objectClass: inetOrgPerson
objectClass: inetuser
objectClass: person
objectClass: posixAccount
objectClass: top
<user data fields here>

Each group will have an entry like

dn: CN=<group name>,OU=groups,DC=<your domain>
objectClass: groupOfNames
objectClass: posixGroup
objectClass: top
<group data fields here>

OpenID Connect

Instructions for specific OpenID Connect backends below.

Microsoft Entra

You will need to use the following command line arguments:

--backend MicrosoftEntra --entra-tenant-id "<your tenant ID>"

You will need to register an application to interact with Microsoft Entra. Do this as follows:

  • Create a new App Registration in your Microsoft Entra.
    • Set the name to whatever you choose (e.g. apricot)
    • Set access to Accounts in this organizational directory only.
    • Set Redirect URI to Public client/native (mobile & desktop) with a value of urn:ietf:wg:oauth:2.0:oob
  • Under Certificates & secrets add a New client secret
    • Set the description to whatever you choose (e.g. Apricot Authentication Secret)
    • Set the expiry time to whatever is relevant for your use-case
    • You must record the value of this secret at creation time, as it will not be visible later.
  • Under API permissions:
    • Ensure that the following permissions are enabled
      • Microsoft Graph > User.Read.All (application)
      • Microsoft Graph > GroupMember.Read.All (application)
      • Microsoft Graph > User.Read.All (delegated)
    • Select this and click the Grant admin consent button (otherwise manual consent is needed from each user)

About

An OpenID Connect LDAP proxy

Resources

Readme

License

BSD-3-Clause license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 94.6%
  • Shell 4.0%
  • Dockerfile 1.4%
0