LDAP REST microservice with Password Policy overlay support

HackThisSite/Catslap
Catslap

Cat Slap!

LDAP REST microservice with Password Policy overlay support

The "Why"

Because why not? :D

Why should I use it?

OpenLDAP comes with the awesome Password Policy overlay, which adds password and authentication policy enforcement directly into SLAPD itself. This layer of security is immediately applied against any system using LDAP as an authentication provider with zero client-side changes.

However! Such overlays are part of LDAPv3, which adds richer return data, but the LDAP libraries of most common languages do not expose this data from their bind function. An LDAP bind will work the same regardless, but will lack this informative data (e.g. account locked, password reset required, etc.).

Catslap provides this detailed LDAP authentication as a REST microservice that can be incorporated into any application's authentication process. Catslap also acts as middleware security to isolate your LDAP services from your other applications (your apps won't require administrative bind credentials). Also, because Catslap is powered by Mojolicious, horizontal scaling and zero-downtime hot redeployment are effortless through the built-in Hypnotoad pre-forking web server.

Why Perl?

The Net::LDAP Perl module includes full support for the LDAPv3 Password Policy overlay (via the Net::LDAP::Control::PasswordPolicy module). Perl is seemingly the only major web language with such complete support.
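The bind with policy data described above, as an added Perl example that is not part of Catslap's source: it sends the Password Policy request control with Net::LDAP and decodes the response control. The ldaps:// URI, the function name ppolicy_bind and the returned hash keys are assumptions made for illustration.

```perl
#!/usr/bin/env perl
# Added example, not Catslap's code: bind with the Password Policy request
# control and report what the overlay says beyond plain success or failure.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Control::PasswordPolicy;
use Net::LDAP::Constant qw(LDAP_CONTROL_PASSWORDPOLICY);

# Error names indexed by numeric code (draft-behera-ldap-password-policy).
my @PP_ERROR = qw(
    passwordExpired accountLocked changeAfterReset passwordModNotAllowed
    mustSupplyOldPassword insufficientPasswordQuality passwordTooShort
    passwordTooYoung passwordInHistory
);

# Bind as $dn and return a hashref with the LDAP result and any policy data.
sub ppolicy_bind {
    my ($uri, $dn, $password) = @_;
    # A simple bind with an empty password is an anonymous bind and "succeeds".
    die "empty DN or password refused\n" unless length($dn) && length($password);
    # Assumption: $uri is an ldaps:// URI, so the password never travels in clear.
    my $ldap = Net::LDAP->new($uri, verify => 'require', timeout => 10)
        or die "connect failed: $@\n";
    my $mesg = $ldap->bind($dn, password => $password,
        control => [ Net::LDAP::Control::PasswordPolicy->new ]);
    my %out = (ok => $mesg->code == 0 ? 1 : 0, ldap_result => $mesg->error_name);

    # The response control is optional: absent means the overlay had nothing to add.
    my ($resp) = $mesg->control(LDAP_CONTROL_PASSWORDPOLICY);
    if (defined $resp) {
        my $err = $resp->pp_error;
        $out{policy_error} = $PP_ERROR[$err] // "unknown($err)" if defined $err;
        $out{expires_in}   = $resp->time_before_expiration;          # seconds
        $out{grace_binds}  = $resp->grace_authentications_remaining;
    }
    $ldap->unbind;
    # changeAfterReset arrives with a successful bind: valid credentials, but the
    # session may only change the password, so do not treat it as a full login.
    $out{must_change} = ($out{policy_error} // '') eq 'changeAfterReset' ? 1 : 0;
    return \%out;
}

unless (caller) {
    my ($uri, $dn) = @ARGV;
    die "usage: $0 ldaps://host bind-dn < password\n" unless defined $dn;
    chomp(my $password = <STDIN> // '');
    my $r = ppolicy_bind($uri, $dn, $password);
    printf "%-13s %s\n", $_, $r->{$_} // '-' for sort keys %$r;
}
```

A caller should log `ldap_result` and `policy_error` separately: a failed bind with `accountLocked` is a lockout event, while the same failure without a policy error is an ordinary bad password.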

Why the name?

There is a utility that comes with OpenLDAP called slapcat(8), and since bad puns are the highest form of comedy, Catslap was born! :D

Installation

Notice: This assumes we will be installing and running Catslap as the meow user, installed in /home/meow/catslap.

Requirements

  • Perl 5.20 or greater
  • cpanminus or Carton
  • OpenLDAP SLAPD service with Password Policy overlay, users, superusers, and groups configured

Perl Dependencies

These will be installed in the next step.

Install

  1. cd to the parent directory where Catslap will be installed:
meow@server:/home/meow$ cd /home/meow/catslap

  2. Install the Perl CPAN module dependencies:
# if using cpanminus
# (include the trailing dot!)
meow@server:/home/meow/catslap$ cpanm --installdeps .

# if using Carton
meow@server:/home/meow/catslap$ carton install

  3. Configure Catslap, by copying catslap.conf.example to catslap.conf and editing it, following the comments within.

  4. Set Catslap to start with your server using either the supplied startup scripts, or using system utilities like Systemd or Supervisord.

Usage

Notice: This assumes we installed Catslap as the meow user in /home/meow/catslap.

meow@server:/home/meow/catslap$ ./bin/catslap
Catslap listening on http://localhost:31195/
meow@server:/home/meow/catslap$

No cats were slapped in the making of this software. =^^=
