yaLDAP is an easy-to-use LDAP server that uses a YAML file as its directory definition.
Sometimes we just need a simple LDAP-compatible server to store user/group information and other data.
For this purpose, many simple LDAP servers exist, and they manage users and groups better than yaLDAP does. However, none of them
offers a fully customisable LDAP directory that can be used to store arbitrary information or to follow a specific directory structure.
This is why yaLDAP exists: to provide a simple LDAP server that can store any kind of information in a
customisable way.
I don't recommend using this project for anything other than development or homelab purposes; this LDAP server is not (yet) compliant with the LDAP RFCs.
yaLDAP is still in development and is not yet available other than as a Go-installable package.
To start using yaLDAP, you need Go 1.20 or above. yaLDAP is provided as a CLI that can be installed directly with Go:

```shell
go install github.com/chezmoi-sh/yaldap/cmd/yaldap@latest
```

To run yaLDAP, you need to provide a backend. Currently, only the YAML backend is available. For example, to run yaLDAP with the YAML backend, use the following command:

```shell
yaldap run --backend.name yaml --backend.url <path-to-yaml-file>
```

yaLDAP also ships with a set of tools for managing some parts of the LDAP configuration, such as password hashing. For example, to hash a password with bcrypt, use the following command:

```shell
echo -n "password" | yaldap tools hash bcrypt --rounds 10 -
```

For more information about the tools, run:

```shell
yaldap tools --help
```
yaLDAP is configured with a YAML file that describes the LDAP directory. Each key has the form `<type>:<name>` and its nesting determines the entry's DN (the `#dn:` comments below show the resulting DN).
See /pkg/ldap/yaml for more information.
```yaml
dc:org: #dn: dc=org
  dc:example: #dn: dc=example,dc=org
    ou:group: #dn: ou=group,dc=example,dc=org
      cn:owner: &test #dn: cn=admin,ou=group,dc=example,dc=org
        objectClass: posixGroup
        gidNumber: 1000
        description: Organization owners
        memberUid: [alice]
      cn:dev: #dn: cn=dev,ou=group,dc=example,dc=org
        objectClass: posixGroup
        gidNumber: 1001
        description: Organization developers
        memberUid: [bob, charlie]
      cn:qa: #dn: cn=qa,ou=group,dc=example,dc=org
        objectClass: posixGroup
        gidNumber: 1002
        memberUid: [charlie, eve]
      cn:ok: #dn: cn=ok,ou=group,dc=example,dc=org
        <<: *test
        gidNumber: 1003
        description: Dummy group
        # memberUid: [alice]
    c:global: #dn: c=global,dc=example,dc=org
      ou:people: #dn: ou=people,c=global,dc=example,dc=org
        cn:alice: #dn: cn=alice,ou=people,c=global,dc=example,dc=org
          objectClass: [posixAccount, UserMail]
          - !!ldap/acl:allow-on dc=org # allow alice to request everything
          description: Main organization admin
          uid: alice
          uidNumber: 1000
          gidNumber: 1000
          loginShell: /bin/bash
          homeDirectory: /home/alice
          userPassword: !!ldap/bind:password alice
          usermail: [email protected]
        cn:bob: #dn: cn=bob,ou=people,c=global,dc=example,dc=org
          objectClass: posixAccount
          - !!ldap/acl:allow-on ou=group,dc=example,dc=org # allow bob to request only user groups
          uid: bob
          homeDirectory: /home/bob
          uidNumber: 1001
          gidNumber: 1001
          userPassword: !!ldap/bind:password bob
    c:fr: #dn: c=fr,dc=example,dc=org
      ou:people: #dn: ou=people,c=fr,dc=example,dc=org
        cn:charlie: #dn: cn=charlie,ou=people,c=fr,dc=example,dc=org
          objectClass: posixAccount
          - !!ldap/acl:allow-on ou=group,dc=example,dc=org # allow charlie to request all groups...
          - !!ldap/acl:deny-on cn=admin,ou=group,dc=example,dc=org # ...except the owner group
          uid: charlie
          homeDirectory: /home/charlie
          uidNumber: 1100
          gidNumber: 1001
          userPassword: !!ldap/bind:password charlie
    c:uk: #dn: c=uk,dc=example,dc=org
      ou:people: #dn: ou=people,c=uk,dc=example,dc=org
        cn:eve: #dn: cn=eve,ou=people,c=uk,dc=example,dc=org
          objectClass: posixAccount
          # NOTE: eve can't make any LDAP request (no !!ldap/bind:password field)
          uid: eve
          homeDirectory: /home/eve
          uidNumber: 1003
          gidNumber: 1002
          userPassword: eve
```
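The example below is an added illustration, not yaLDAP's own code: it builds DNs from the nested `<type>:<name>` keys the way the `#dn:` comments above describe, then checks which entries can bind and which subtrees they may query. The `!!ldap/*` tags are replaced by small marker classes, the ACL list is kept under an assumed `acl` key, the owner group is addressed as `cn=owner` (its key) rather than the `cn=admin` of the comment, and the evaluation rules (allow/deny by DN suffix, deny wins, no bind without a tagged password) are this example's reading of the README comments, not yaLDAP's implementation.

```python
# Added example, not yaLDAP's own code: derive DNs from nested "<type>:<name>"
# keys, then check who can bind and what they may search. Marker classes stand
# in for the !!ldap/* tags; the ACL semantics are assumed from the README text.
from dataclasses import dataclass

@dataclass(frozen=True)
class BindPassword:  # stand-in for !!ldap/bind:password
    secret: str

@dataclass(frozen=True)
class Acl:  # stand-in for !!ldap/acl:allow-on (allow=True) / deny-on (False)
    allow: bool
    dn: str

GROUPS = "ou=group,dc=example,dc=org"
DIRECTORY = {"dc:org": {"dc:example": {  # constructed subset of the README tree
    "ou:group": {
        "cn:owner": {"objectClass": "posixGroup", "memberUid": ["alice"]},
        "cn:dev": {"objectClass": "posixGroup", "memberUid": ["bob", "charlie"]},
    },
    "c:global": {"ou:people": {"cn:alice": {
        "acl": [Acl(True, "dc=org")], "userPassword": BindPassword("alice")}}},
    "c:fr": {"ou:people": {"cn:charlie": {
        "acl": [Acl(True, GROUPS), Acl(False, "cn=owner," + GROUPS)],
        "userPassword": BindPassword("charlie")}}},
    "c:uk": {"ou:people": {"cn:eve": {"userPassword": "eve"}}},  # untagged
}}}

def flatten(node, parent_dn=""):
    """Yield (dn, attrs) per entry; each nesting level prepends one RDN."""
    for key, value in node.items():
        if ":" in key and isinstance(value, dict):
            dn = key.replace(":", "=", 1) + ("," + parent_dn if parent_dn else "")
            yield dn, {k: v for k, v in value.items() if ":" not in k}
            yield from flatten(value, dn)

def within(dn, base):  # is dn equal to base or somewhere beneath it?
    return dn == base or dn.endswith("," + base)

def can_bind(entries, dn):  # only a tagged userPassword allows a bind
    return isinstance(entries[dn].get("userPassword"), BindPassword)

def can_request(entries, who, target):  # assumed: allow needed, deny wins
    if not can_bind(entries, who):
        return False
    rules = entries[who].get("acl", [])
    allowed = any(r.allow and within(target, r.dn) for r in rules)
    denied = any(not r.allow and within(target, r.dn) for r in rules)
    return allowed and not denied

ENTRIES = dict(flatten(DIRECTORY))
```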
If you want to contribute to yaLDAP, you can follow the CONTRIBUTING.md file.
yaLDAP is licensed under the AGPL v3 License. See the LICENSE file for more information.