Glauth management ui created with python/flask

Related tags

Flaskglauth-ui
Overview

glauth-ui

Glauth-UI is a small flask web app i created to manage the minimal glauth ldap server. I created this as i wanted to use glauth for authentication in several service at home and at work, but since it is readonly there is no way for users to configure their own password for example.

Since i knew a bit of python and wanted to learn flask i thought i create a small webapp that acts as a management ui for glauth.

This should be considered as a prove of concept and some glauth features arent implemented yet as i have no use for them (yet). There are probably a lot of bugs in this and if you are using it you should limit the usage to the local network only.

Current features:

  • Stores Data (Glauth Settings, Users, Groups) in a SQL DB (Sqlite, MySQL, PostgreSQL are supported)
  • Generates a glauth compatible config.cfg file on every change to the db
  • Small UI for Endusers to change their password, name and email or reset their password (if forgotten).
  • Admin UI for managing settings and creating users and groups
  • eMail support for forgotten passwords and new user creation

Missing features:

  • Not all glauth settings and user options can be configured, following featurs and Options are missing:
    • API
    • Backend: nameformat, groupformat, sshkeyattr
    • User: loginShell, homeDir, sshkeys, passappsha256, otpsecret, yubikey

Installation:

The best installation method atm is to build the docker image with the included Dockerfile.

  1. Clone Repository
git clone https://github.com/sonicnkt/glauth-ui.git glauth-ui
  1. Run docker build
cd glauth-ui
docker build -t glauthui:latest .
  1. Create container

docker-compose.yaml

version: '3.8'
services:
  glauthui:
    image: glauthui:latest
    container_name: glauthui
    restart: unless-stopped
    ports:
      - 80:5000
    volumes:
      # Mount Folder that contains DB and config file outside the container
      - './docker-data:/home/ldap/db'
    environment:
      - SECRET_KEY=mysuperlongsecretkeythatnobodywillguess
      # MAIL CONFIG
      - MAIL_SERVER=mail.example.com
      - MAIL_PORT=587
      - MAIL_USE_TLS=1
      - MAIL_USERNAME=username
      - MAIL_PASSWORD=password
      - [email protected]

docker-compose up #-d

On first startup (or if DB is empty) a sample database will be created with 2 users and 4 groups. Use the username "j_doe" and password "dogood" to login and have access to the administration interface.

This should be run behind a reverse proxy like nginx that handles https!

  1. Point glauth to the config.cfg created by glauth-ui

Environment Variables:

These can be set using environment variables using docker.

SECRET_KEY=

Should be a long random string to protect against CSRF attacks and should definatly be set in a production environment.

APPNAME=

Short name that will be displayed in the webapp and emails. Default = Glauth UI

ORGANISATION=

Longer organisations name that will show up in emails. Default = LDAP Management Team

ADMIN_GROUP=glauth_admin

Name of the glauth/ldap group which members have admin access to the ui (This can't be an included/nested group atm and must be assigned directly to the user)

FLASK_DEBUG=

Enable Debugging mode in Flask, never enable this for production environment! Default = False

MAIL_SERVER=mail.example.com
MAIL_PORT=587
MAIL_USE_TLS=1
MAIL_USERNAME=username
MAIL_PASSWORD=password
[email protected]

Configure your email provider, MAIL_ADMIN will show up as sender. Default = [email protected]

DATABASE_URL=

Sets the Databsae URI, Default is a sqlite app.db in the apps db/ subdirectory. For MySQL/Maria DB use mysql+pymysql://<user>:<password>@<server>:<port>/<db>. See also (https://flask-sqlalchemy.palletsprojects.com/en/2.x/config/#connection-uri-format) for more Options.

GLAUTH_CFG_PATH=

Sets the Glauth config.cfg path, Default is config.cfg in the apps db/ subdirectory.

Usage:

Login View: Login

After you spun up the container you can login with the sample user j_doe and the password dogood.

Main View: Login

In the main view normal user can change their names and email adress or change their password. Administrators also have access to a email test function and the admin interface.

Main Admin View: Login

In the Admin Interface you can configure your glauth settings, users and groups.

Admin User View: Login

Creating new users: Login

When you create a new user you have the option to send an invite link per mail, the account is disabled until they created their password.

If the password field is left blank when creating new users it will be autogenerated and displayed to the admin but only if the Invite Option is not enabled. Otherwise a random password and a token is generated for users to set their own.

Users without an email adress are not allowed to log into the ui (service accounts).

Admin Group View: Login

Creating new groups: Login

When you create a new group you can select if it is a primary group.

Editing secondary groups: Login

When you edit a non primary group you can assign users and set to include this group in other groups or configure the included groups.

Editing primary groups: Login

When you edit a primary group you can assign users and set which secondary groups it includes. Primary groups can't be included in other primary groups or secondary groups.

Editing glauth settings: Login

You can also change several glauth settings from the ui. These are also stored in the db and are used when generating a new config file so make sure these are correct. Changing those settings require you to restart glauth.

The glauth watchconfig option is missing here, it is automatically added as it is a dependancy for this to work correctly.

This would generate the following config.cfg:

## GLAUTH config backend configuration file

# General configuration
watchconfig = true
debug = true

[ldap]
  enabled = true
  listen = "0.0.0.0:389"

[ldaps]
  enabled = false

# Backend configuration
[backend]
  datastore = "config"
  baseDN = "dc=glauth-example,dc=com"


## LDAP Users configuration
[[users]]
  name = "j_doe"
  givenname = "Jane"
  sn = "Doe"
  mail = "[email protected]"
  unixid = 5001
  primarygroup = 5501
  passsha256 = "6478579e37aff45f013e14eeb30b3cc56c72ccdc310123bcdf53e0333e3f416a"
  otherGroups = [ 5551,5552,5553 ]

[[users]]
  name = "search"
  unixid = 5002
  primarygroup = 5502
  passsha256 = "125844054e30fabcd4182ae69c9d7b38b58d63c067be10ab5ab883d658383316"

[[users]]
  name = "jo_doe"
  givenname = "John"
  sn = "Doe"
  mail = "[email protected]"
  unixid = 5004
  primarygroup = 5501
  passsha256 = "3c8580d143af4b0585a84e7497978aafe550f8687ea52ceb180e8f884fd3319d"
  otherGroups = [ 5551,5552 ]
  disabled = True

## LDAP Groups configuration
[[groups]]
  name = "people"
  unixid = 5501
  # primary user group

[[groups]]
  name = "svcaccts"
  unixid = 5502
  # service accounts

[[groups]]
  name = "glauth_admin"
  unixid = 5551

[[groups]]
  name = "vpn"
  unixid = 5552
  includegroups = [ 5501 ]

[[groups]]
  name = "xmpp"
  unixid = 5553
  includegroups = [ 5501 ]
  # Prosody XMPP Users
Owner
Nils Thiele
Nils Thiele
GitHub Repository
Basic flask system for login, api, and status system

Flask Multi Site With Login This is a basic website login system with an uncomplete api system NOTICE : This is NOT complete and is made to be a bare

MrShoe 0 Feb 02, 2022
Search users in Github. Created with Flask, PipEnv, Heroku and free time.

Search in Github Here search for users in Github and other stuff! This app is working with, Data Github API BackEnd Flask Language Python Package mana

AmirHossein Mohammadi 12 Jan 16, 2022
Rate Limiting extension for Flask

Flask-Limiter Flask-Limiter provides rate limiting features to flask routes. It has support for a configurable backend for storage with current implem

Ali-Akber Saifee 922 Jan 08, 2023
Flask Project Template A full feature Flask project template.

Flask Project Template A full feature Flask project template. See also Python-Project-Template for a lean, low dependency Python app. HOW TO USE THIS

Bruno Rocha 96 Dec 23, 2022
SeaSurf is a Flask extension for preventing cross-site request forgery (CSRF).

Flask-SeaSurf SeaSurf is a Flask extension for preventing cross-site request forgery (CSRF). CSRF vulnerabilities have been found in large and popular

Max Countryman 183 Dec 28, 2022
A web application for a fake pizza store, built in Python with Flask and PostgreSQL.

✨ Pizza Pizza - Pizza Store ✨ A web application for a fake Pizza Store, the app let you create an account and order pizza, complements or drinks. Buil

Bonnie Fave 6 Dec 18, 2022
Cross Origin Resource Sharing ( CORS ) support for Flask

Flask-CORS A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible. This package has a simple philosoph

Cory Dolphin 803 Jan 01, 2023
A Python, Flask login system

Python Login System This is a basic login + authenticason system for flask using Flask_Login and Flask_SQLAlchemy Get started on your own To use this

MrShoe 0 Feb 02, 2022
A Microsub server built with Python Flask and SQLite.

Microsub Server This repository contains the code that powers my personal Microsub server. Microsub is an IndieWeb specification currently in developm

jamesg 8 Oct 26, 2022
flask-apispec MIT flask-apispec (🥉24 · ⭐ 520) - Build and document REST APIs with Flask and apispec. MIT

flask-apispec flask-apispec is a lightweight tool for building REST APIs in Flask. flask-apispec uses webargs for request parsing, marshmallow for res

Joshua Carp 617 Dec 30, 2022
A simple demo of using aiogram + async sqlalchemy 1.4+

aiogram-and-sqlalchemy-demo A simple demo of using aiogram + async sqlalchemy 1.4+ Used tech: aiogram SQLAlchemy 1.4+ PostgreSQL as database asyncpg a

Aleksandr 68 Dec 31, 2022
This is a Flask web app which predicts fare of Flight ticket

Flight Fare Prediction: Table of Content Demo Overview Motivation Installation Deployement on Heroku Directory Tree Bug / Feature Request Future scope

Ayshwarya 1 Jan 24, 2022
This is a small notes web app, with python and flask microframework. Using sqlite3

Python Notes App. This is a small web application maked with flask-python for add notes easily and quickly. Dependencies. You can create a virtual env

Eduard 1 Dec 26, 2021
A swagger 2.0 spec extractor for flask

flask-swagger A Swagger 2.0 spec extractor for Flask You can now specify base path for yml files: app = Flask(__name__) @app.route("/spec") def spec(

Sling 457 Dec 02, 2022
A weather report application build with Python, Flask, and Geopy.

A weather report application build with Python, Flask, and Geopy. Requirements Python 3

Brandon Wallace 6 May 07, 2022
A Python chat app built with Flask that runs in the browser.

A Python chat app built with Flask that runs in the browser. Designed for local area networks that are not connected to the Internet.

Leonard Kleber 1 Dec 23, 2021
A nice anonymous messaging api (Uses Flask's restful api)

anonymous-message-api A nice anonymous message api (Uses Flask's restful api) How it works: 1. The user send a put request to your api server: Require

6 Nov 07, 2021
YAML-formatted plain-text file based models for Flask backed by Flask-SQLAlchemy

Flask-FileAlchemy Flask-FileAlchemy is a Flask extension that lets you use Markdown or YAML formatted plain-text files as the main data store for your

Siddhant Goel 20 Dec 14, 2022
SqlAlchemy Flask-Restful Swagger Json:API OpenAPI

SAFRS: Python OpenAPI & JSON:API Framework Overview Installation JSON:API Interface Resource Objects Relationships Methods Custom Methods Class Method

Thomas Pollet 365 Jan 06, 2023
A simple FastAPI web service + Vue.js based UI over a rclip-style clip embedding database.

Explore CLIP Embeddings in a rclip database A simple FastAPI web service + Vue.js based UI over a rclip-style clip embedding database. A live demo of

18 Oct 15, 2022