Glim: a simple identity access management system that speaks some LDAP and has a REST API to manage users and groups
I love Go. It’s a lovely programming language that is quite popular for system programming and command-line tools. For a while I’ve been looking for a project I could build in Go to learn more about it.
A few days ago I published Glim on GitHub. Glim is a simple identity access management system that speaks some LDAP and is written in Go. Glim stands for Golang LDAP Identity Management.
Glim is a server that can store user and group accounts in a SQLite database (Postgres support will be added soon) and understands enough of the LDAP protocol to answer authentication queries from applications like Rancher, Portainer CE, Harbor… and many more. I say that Glim speaks some LDAP because I haven’t developed a full LDAP server replacement, but it understands bind operations and some queries, which are the only things needed to talk to applications that use LDAP to authenticate users. Glim also provides a REST API that can be used to manage and retrieve account information.
While Glim is still in alpha, I’ve tested it against some tools and I’ve provided some examples of how to configure those applications. In the coming weeks I’ll provide support for more tools and new features.
This is how I could manage some accounts using Glim.
$ GLIM_API_SECRET="mysecret" glim server start
$ glim login -u cedric.daniels
Password:
Login Succeeded
$ glim user
UID  USERNAME        FULLNAME            EMAIL                 GROUPS  MANAGER  READONLY  LOCKED
1    admin           LDAP administrator                        none    true     false     false
2    search                                                    none    false    true      false
3    cedric.daniels  Cedric Daniels      cedric.daniels@ba...  none    true     false     false
4    kima.greggs     Kima Greggs         kima.greggs@balti...  none    false    false     false
5    jimmy.mcnulty   Jimmy McNulty       jimmy.mcnulty@bal...  none    false    false     false
$ glim group create -n homicides -d "Homicides" -m jimmy.mcnulty,kima.greggs,cedric.daniels
Group created
$ glim group
GID  GROUP      DESCRIPTION           MEMBERS
1    homicides  Homicides Department  cedric.daniels, kima.greggs, jimmy.mcnulty
$ glim user create -u lester.freamon -e lester.freamon@baltimorepolice.org
Password:
Confirm password:
User created
$ glim user rm -u jimmy.mcnulty
User account deleted
$ LDAPTLS_CACERT=/home/cedric/.glim/ca.pem ldapwhoami -x -D "cn=admin,dc=example,dc=org" -W -H ldaps://127.0.0.1:1636
Enter LDAP Password:
dn:cn=admin,dc=example,dc=org
$ glim logout
$ glim server stop
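The ldapwhoami call above performs an LDAP simple bind (-x), the operation Glim answers for applications. The following Go program is an added example, not Glim's code and not from the original post: it decodes a simple BindRequest as laid out in RFC 4511 and shows that the bind DN and password sit unencrypted inside the message, which is why the session connects over ldaps:// with the CA certificate. The function names and the sample bytes (including the password "secret") are constructed for illustration.

```go
package main

import "fmt"

// take splits one BER element with the expected tag off the front of b.
func take(b []byte, want byte) (val, rest []byte, err error) {
	if len(b) < 2 || b[0] != want {
		return nil, nil, fmt.Errorf("expected BER tag 0x%02x", want)
	}
	n, off := int(b[1]), 2
	if n >= 0x80 { // long form: low 7 bits count the length octets that follow
		off += n & 0x7f
		if off == 2 || off > 5 || len(b) < off { // indefinite, oversized or cut short
			return nil, nil, fmt.Errorf("unsupported BER length")
		}
		n = 0
		for _, c := range b[2:off] {
			n = n<<8 | int(c)
		}
	}
	if len(b)-off < n {
		return nil, nil, fmt.Errorf("truncated BER element")
	}
	return b[off : off+n], b[off+n:], nil
}

// parseSimpleBind decodes an LDAPv3 BindRequest (RFC 4511) that uses simple auth.
func parseSimpleBind(msg []byte) (dn, password string, err error) {
	next := func(b []byte, tag byte) (val, rest []byte) {
		if err == nil { // after the first failure, skip the remaining steps
			val, rest, err = take(b, tag)
		}
		return val, rest
	}
	body, _ := next(msg, 0x30)     // LDAPMessage ::= SEQUENCE
	_, body = next(body, 0x02)     // messageID INTEGER
	bind, _ := next(body, 0x60)    // [APPLICATION 0] BindRequest
	_, bind = next(bind, 0x02)     // version INTEGER
	name, bind := next(bind, 0x04) // name: the DN being bound
	pw, _ := next(bind, 0x80)      // [0] simple: the password, unencrypted
	return string(name), string(pw), err
}

// Constructed sample: messageID 1, version 3, made-up password "secret".
var sampleBind = []byte("\x30\x2c\x02\x01\x01\x60\x27\x02\x01\x03\x04\x1acn=admin,dc=example,dc=org\x80\x06secret")

func main() {
	dn, pw, err := parseSimpleBind(sampleBind)
	fmt.Printf("dn=%q password=%q err=%v\n", dn, pw, err)
}
```

A bind that uses SASL instead of simple authentication carries a different tag in the last field, so parseSimpleBind returns an error for it rather than a password.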
Soon, I’ll publish some videos about Glim and how it works.
Cheers