glauth-ui-light is a small golang web app to manage users and groups from the db files of glauth ldap server for small business, self hosted, labs infrastructure or raspbery servers.
Thanks of hot-reload feature on glauth configuration file change, glauth-ui-light can edit and update glauth configuration and manage ldap users.
glauth-ui-light update only users and groups.
All lines after the first
[[users]] in glauth configuration file will be updated. The use of same model structure than glauth V2 allow to keep manual edition of non managed features as
capabilities, loginShell, sshkeys, otpsecret, yubikey, includegroups, .... Only comments on these lines are lost.
Current glauth experimental feature on
customattributes is lost due to the need of a patched
- Static binary with small customisations
- Keep abbility to edit glauth configuration file
- Custom front page text and application name
- Add new localisations by adding new yaml file
- Authentication with current glauth users if
- Admin right is defined for members of group defined in
- Users in group
gidcanchgpassare common users and can change their passwords
Missing glauth V2 features
Current glauth experimental feature on
customattributes is lost due to the need of a patched toml library.
Some overkill features for a self hosted infrastrucuture
- only register bcrypt passwords
- daily log rotates
- i18n support
- responsive UI
- delayed after 4 failed login
- rate requests limiter against brute force ttempts
- STS, CSP
- standalone SSL or via reverse proxy
- high tests coverage
- windows, macos builds (not tested)
Allow users to self change their passwords can create bad concurrent updates of glauth configuration file.
Download last release from https://github.com/yvesago/glauth-ui-light/releases
Create config file :
####################### # glauth-ui-light.conf # dbfile: glauth conf file # with watchconfig enabled for hot-reload on conf file change # glauth-ui-light need write access dbfile = "samples-conf/glauth-sample-simple.cfg" # run on a non privileged port port = "0.0.0.0:8080" # When a self hosted ssl reverse proxy is used : # port = "127.0.0.1:8080" # Custom first page texts appname = "glauth-ui-light" appdesc = "Manage users and groups for glauth ldap server" [sec] # TODO set random secrets for CSRF token csrfrandom = "secret1" [passpolicy] min = 2 max = 24 allowreadssha256 = true # to be set to false when all passwords are bcrypt [cfgusers] start = 5000 # start with this uid number gidadmin = 5501 # members of this group are admins gidcanchgpass = 5500 # members of this group can change their password [cfggroups] start = 5500 # start with this gid number
$ ./glauth-ui -c glauth-ui-light.conf & $ firefox http://localhost:8080/
cp locales/tr.yml locales/it-IT/it.yml
Translate strings and add new local to config file
... [locale] lang = "it" path = "locales/" langs = ["en-US","fr-FR","it-IT"] ...
$ git clone https://github.com/yvesago/glauth-ui-light.git $ cd glauth-ui-light $ make
# linter $ golangci-lint run ./... # tests $ go test ./... ? glauth-ui-light [no test files] ok glauth-ui-light/config 0.284s ok glauth-ui-light/handlers 0.246s ok glauth-ui-light/helpers 18.048s # failed login tests need 18s ok glauth-ui-light/routes 0.019s # test coverage $ go test -coverprofile=coverage.out ./... $ go tool cover -func=coverage.out ... glauth-ui-light/routes/routes.go:78: initServer 85.4% glauth-ui-light/routes/routes.go:174: SetRoutes 93.5% glauth-ui-light/routes/routes.go:220: contains 100.0% glauth-ui-light/routes/routes.go:229: setCacheHeaders 100.0% glauth-ui-light/routes/routes.go:248: Auth 100.0% total: (statements) 93.7% # html browser output $ go tool cover -html=coverage.out
$ scp -pr locales [email protected]:/home/app/glauth-ui-light $ scp build/linux/glauth-ui [email protected]:/home/app/glauth-ui-light
main.go |-config |-glauth-config-v2.go // glauth users goups models |-webconfig.go |-user.go // user methods |-helpers |-cookie.go // cookies for session |-db.go // read write data |-18n.go // i18n |-sessions.go // manage session |-handler |-global.go // global var, render |-login.go |-users.go |-groups.go |- routes |-routes.go // load template, i18n. Set routes, auth middleware |-web // due to "embed" files |-assets |-css |-bootstrap.css |-....css |-js |-....js |-templates |-global |-header.tmpl |-footer.tmpl |-home |-index.tmpl |-login.tmpl |-user |-list.tmpl |-add.tmpl |-edit.tmpl |-profile.tmpl |-group |-list.tmpl |-add.tmpl |-edit.tmpl |-locales |-en-US |-fr-FR |-samples-conf |-webconfig.cfg |-glauthconfig.cfg
- initial release
- Add otp
Copyright (c) 2022 Yves Agostini