Open Source LDAP Virtual Directory
Applications need to know who users are and what permissions they have. While most enterprises have some form of an LDAP directory and most applications support LDAP the gap between what an enterprise has and what an application can integrate with. Some common issues a virtual directory can solve:
- Multiple Active Directory Forests - Most apps only know how to talk to a single directory, a virtual directory can combine them in real time transparently
- Authenticate against one directory, authorize against another - The people who own your enterprise's directory aren't generally responsible for your application. Getting groups and authorizations into the enterprise directory isn't their priority. Use a virtual directory you can control authorizations without involving the enterprise directory.
- Additional Attributes - Just like with authorizations, storing additional attributes in an enterprise directory can lead to conflicts with the enterprise directory's owners. A virtual directory can store additional attributes outside of your enterprise directory transparently to your application.
- Data Transformation - Your application was probably written for a specific brand of directory, slight variances between vendors can be difficult to manage. A virtual directory can map this data easily.
All feedback, bugs and support requests must be submitted through this GitHub project's issues
All contributions should be submitted as pull requests. All pull requests must include test cases that verify the functionality changes.
Please send all vulnerabilities to security@tremolosecurity.com. Tremolo Security maintains an internal GitLab deployment where we will track vulnerabilities until a patch is released at which point the issue will be posted to the public GitHub repository with full credit given to the discoverer of the vulnerability. We will respond to any vulnerability reports within 14 days of receipt.
To build MyVirtualDirectory without the unit tests, run mvn package -DskipTests=true
In order to run the unit tests OpenLDAP's slapd must be installed NOTE MacOS' OpenLDAP server will not work. If you're using MacOS use either brew or macports to run slapd. Once slapd is installed, create the following environment variabls:
Environment Variable | Example | Description |
---|---|---|
PROJ_DIR | /path/to/MyVirtualDirectory | The path to the MyVirtualDirectory project |
SCHEMA_DIR | /etc/openldap | Path to OpenLDAP's pre-build schemas |
SLAPD_PATH | /usr/sbin | Directory containing the slapd binary |
TMP_DIR | /tmp/ldap | A temporary directory used for creating local ldap servers NOTE this directory must exist before running tests |