GitHub license Maintenance made-with-Go made-with-Gobuffalo Go Report Card

GitHub release GitHub Actions Copr build status

Auri stands for: Automated User Registration IPA

Auri implements self service account creation and reset of credentials for FreeIPA


  • Requesting of accounts with validation workflow (see below)
  • Whitelisting of allowed domains
  • Self-service reset of password and/or SSH keys
  • Designed to store as less data as possible (e.g. no secrets are stored)
  • Logging of all IPA operations
  • Logging of all interactions (e.g. account request, approval actions)


Workflow overview


  • Linux (RH family)
  • PostgreSQL (tested with PostgreSQL 12)
  • FreeIPA (tested with FreeIPA 4.6.8 on CentOS 7)

Installation and configuration

Install and configure PostgreSQL (see this HowTo). Create a database and according user.

Use the Fedora COPR repository for auri installation:

$ wget -O /etc/yum.repos.d/auri.repo \
# on EL7
$ yum install auri
# on EL8 and Fedoro
$ dnf install auri

Auri RPM file contains two configuration files with default settings:

  • /etc/auri/database.yml – DB connection settings
  • /etc/auri/config.env – configuration file for auri

Change the configuration files as needed and set the mandatory configuration options. Keep in mind to restart auri in case of configuration changes.

Update the database scheme, enable and start auri:

$ auri migrate
$ systemctl enable auri
$ systemctl start auri

Create the maintenance cronjobs for removal of expired requests and tokens:

/etc/cron.d/auri <

$ cat > /etc/cron.d/auri <<EOF
0 3 * * * root auri task cleanup_requests && auri task cleanup_reset_tokens


Auri binary provides several maintenance tasks, see auri --help and auri task list for more details.

Development environment

This repository contains a Vagrantfile, so you can start the development environment via vagrant in a virtual machine like this:

  1. Install vagrant
  2. Install virtualbox
  3. Clone the repository
  4. Invoke vagrant up and grab a coffee

Invoke vagrant ssh to get to the VM, invoke buffalo dev in the VM in order to start Auri in the development mode. You can set the configuration parameters in the development mode via creating the .env file in the top-level. See the configuration file for possible options.

Unit tests can be executed using the prepared configuration file:

$ cp fixtures/testing-config.env .env
$ make test


Auri was a trainee project within Deutsche Telekom Security GmbH. We assume our problem and solution are generic enough to be interesting for others, so we decided to open source it 🙂 Any help with maintenance of Auri is welcome and appreciated!


Related and similar projects


This project is licensed under the MIT License – see the LICENSE file for details.