commit e707cb2b3442e31441ecd30a6099d0faa1a8ae43 Author: Michael Aldridge Date: Mon Aug 17 01:22:17 2020 -0700 Initial Commit diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..19730cb --- /dev/null +++ b/LICENSE @@ -0,0 +1,20 @@ +Copyright 2020 Michael Aldridge + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/README.md b/README.md new file mode 100644 index 0000000..1ae2d6f --- /dev/null +++ b/README.md 
@@ -0,0 +1,20 @@ +# NetAuth LDAP Server + +The NetAuth LDAP server acts as a bridge that allows legacy systems +that understand LDAP to gain a read-only view of data in the NetAuth +server. + +It is recommended to install the NetAuth LDAP server on each host that +requires this interface and to bind it to the loopback interface. + +The format that the LDAP bridge exposes data in is slightly different +to that which is presented to an actual NetAuth client. The groups +are presented in a flattened format with all expansions processed, and +all groups are precented under a special `cn=groups` path. Similarly, +entities are presented under a `cn=entities` path under the base DN. + +Speaking of the base DN, NetAuth doesn't have such a concept, so the +LDAP bridge takes this as a seperate configuration item on startup. +The provided format must be a valid domain name that will be split on +`.`. Prepended to this will be `dc=netauth` to clearly signify that +the data retrieved is coming from NetAuth.
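Review bot: In the README.md hunk, the base DN paragraph does not make the resulting DN unambiguous. "Prepended to this will be `dc=netauth`" can be read as placing `dc=netauth` either before or after the components produced by splitting the domain on `.`, and clients configured against the wrong search base will simply get no results. Please add one worked example to the README that shows a sample domain, the base DN the bridge derives from it, and the full paths at which `cn=groups` and `cn=entities` appear under that base. The same hunk recommends binding the server to the loopback interface but names neither the configuration item that sets the listen address nor the reason for the recommendation. Since the bridge exposes a read-only view of NetAuth data to anything that can reach it, say which setting controls the bind address and what the default is. Two spelling fixes in the same hunk: "precented" should be "presented" and "seperate" should be "separate".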