[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-5629":3},{"id":4,"name":5,"fullName":6,"owner":5,"repo":5,"description":7,"homepage":8,"htmlUrl":9,"language":10,"languages":9,"totalLinesOfCode":9,"stars":11,"forks":12,"watchers":13,"openIssues":14,"contributorsCount":15,"subscribersCount":15,"size":15,"stars1d":16,"stars7d":17,"stars30d":18,"stars90d":15,"forks30d":15,"starsTrendScore":19,"compositeScore":20,"rankGlobal":9,"rankLanguage":9,"license":21,"archived":22,"fork":22,"defaultBranch":23,"hasWiki":24,"hasPages":22,"topics":25,"createdAt":9,"pushedAt":9,"updatedAt":33,"readmeContent":34,"aiSummary":35,"trendingCount":15,"starSnapshotCount":15,"syncStatus":36,"lastSyncTime":37,"discoverSource":38},5629,"lldap","lldap\u002Flldap","Light LDAP implementation","",null,"Rust",6300,337,17,88,0,3,20,76,18,38.59,"GNU General Public License v3.0",false,"main",true,[26,27,28,29,30,31,32],"authentication","ldap","opaque","rust","security","wasm","web-assembly","2026-06-12 02:01:13","\u003Ch1 align=\"center\">lldap - Light LDAP implementation for authentication\u003C\u002Fh1>\n\n\u003Cp align=\"center\">\n\u003Ci style=\"font-size:24px\">LDAP made easy.\u003C\u002Fi>\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Flldap\u002Flldap\u002Factions\u002Fworkflows\u002Frust.yml?query=branch%3Amain\">\n    \u003Cimg\n      src=\"https:\u002F\u002Fgithub.com\u002Flldap\u002Flldap\u002Factions\u002Fworkflows\u002Frust.yml\u002Fbadge.svg\"\n      alt=\"Build\"\u002F>\n  \u003C\u002Fa>\n  \u003Ca href=\"https:\u002F\u002Fdiscord.gg\u002Fh5PEdRMNyP\">\n    \u003Cimg alt=\"Discord\" src=\"https:\u002F\u002Fimg.shields.io\u002Fdiscord\u002F898492935446876200?label=discord&logo=discord\" \u002F>\n  \u003C\u002Fa>\n\n  \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fnitnelave1?ref_src=twsrc%5Etfw\">\n    \u003Cimg\n      src=\"https:\u002F\u002Fimg.shields.io\u002Ftwitter\u002Ffollow\u002Fnitnelave1?style=social\"\n      
alt=\"Twitter Follow\"\u002F>\n  \u003C\u002Fa>\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Frust-secure-code\u002Fsafety-dance\u002F\">\n    \u003Cimg\n      src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Funsafe-forbidden-success.svg\"\n      alt=\"Unsafe forbidden\"\u002F>\n  \u003C\u002Fa>\n  \u003Ca href=\"https:\u002F\u002Fapp.codecov.io\u002Fgh\u002Flldap\u002Flldap\">\n    \u003Cimg alt=\"Codecov\" src=\"https:\u002F\u002Fimg.shields.io\u002Fcodecov\u002Fc\u002Fgithub\u002Flldap\u002Flldap\" \u002F>\n  \u003C\u002Fa>\n  \u003Cbr\u002F>\n  \u003Ca href=\"https:\u002F\u002Fwww.buymeacoffee.com\u002Fnitnelave\" target=\"_blank\">\n    \u003Cimg src=\"https:\u002F\u002Fwww.buymeacoffee.com\u002Fassets\u002Fimg\u002Fcustom_images\u002Forange_img.png\" alt=\"Buy Me A Coffee\" style=\"height: 41px !important;width: 174px !important;box-shadow: 0px 3px 2px 0px rgba(190, 190, 190, 0.5) !important;-webkit-box-shadow: 0px 3px 2px 0px rgba(190, 190, 190, 0.5) !important;\" >\n  \u003C\u002Fa>\n\u003C\u002Fp>\n\n- [About](#about)\n- [Installation](docs\u002Finstall.md)\n- [Usage](#usage)\n  - [Recommended architecture](#recommended-architecture)\n- [Client configuration](#client-configuration)\n  - [Known compatible services](#known-compatible-services)\n  - [General configuration guide](#general-configuration-guide)\n  - [Incompatible services](#incompatible-services)\n- [Frequently Asked Questions](#frequently-asked-questions)\n- [Contributions](#contributions)\n\n## About\n\nThis project is a lightweight authentication server that provides an\nopinionated, simplified LDAP interface for authentication. 
It integrates with\nmany backends, from KeyCloak to Authelia to Nextcloud and\n[more](#compatible-services)!\n\n\u003Cimg\n  src=\"https:\u002F\u002Fraw.githubusercontent.com\u002Flldap\u002Flldap\u002Fmaster\u002Fscreenshot.png\"\n  alt=\"Screenshot of the user list page\"\n  width=\"50%\"\n  align=\"right\"\n\u002F>\n\nIt comes with a frontend that makes user management easy, and allows users to\nedit their own details or reset their password by email.\n\nThe goal is _not_ to provide a full LDAP server; if you're interested in that,\ncheck out OpenLDAP. This server is a user management system that is:\n\n- simple to set up (no messing around with `slapd`),\n- simple to manage (friendly web UI),\n- low resources,\n- opinionated with basic defaults so you don't have to understand the\n  subtleties of LDAP.\n\nIt mostly targets self-hosting servers, with open-source components like\nNextcloud, Airsonic and so on that only support LDAP as a source of external\nauthentication.\n\nFor more features (OAuth\u002FOpenID support, reverse proxy, ...) you can install\nother components (KeyCloak, Authelia, ...) using this server as the source of\ntruth for users, via LDAP.\n\nBy default, the data is stored in SQLite, but you can swap the backend with\nMySQL\u002FMariaDB or PostgreSQL.\n\n## Installation\n\nIt's possible to install lldap from OCI images ([docker](docs\u002Finstall.md#with-docker)\u002F[podman](docs\u002Finstall.md#with-podman)), from [Kubernetes](docs\u002Finstall.md#with-kubernetes), [TrueNAS](docs\u002Finstall.md#truenas-scale), or from [a regular distribution package manager](docs\u002Finstall.md\u002F#from-a-package-repository) (Archlinux, Debian, CentOS, Fedora, OpenSuse, Ubuntu, FreeBSD).\n\nBuilding [from source](docs\u002Finstall.md#from-source) and [cross-compiling](docs\u002Finstall.md#cross-compilation) to a different hardware architecture is also supported.\n\n## Usage\n\nThe simplest way to use LLDAP is through the web front-end. 
There you can\ncreate users, set passwords, add them to groups and so on. Users can also\nconnect to the web UI and change their information, or request a password reset\nlink (if you configured the SMTP client).\n\nYou can create and manage custom attributes through the Web UI, or through the\ncommunity-contributed CLI frontend (\n[Zepmann\u002Flldap-cli](https:\u002F\u002Fgithub.com\u002FZepmann\u002Flldap-cli)). This is necessary\nfor some service integrations.\n\nThe [bootstrap.sh](scripts\u002Fbootstrap.sh) script can enforce a list of\nusers\u002Fgroups\u002Fattributes from a given file, reflecting it on the server.\n\nTo manage the user, group and membership lifecycle in an infrastructure-as-code\nscenario you can use the unofficial [LLDAP terraform provider in the terraform registry](https:\u002F\u002Fregistry.terraform.io\u002Fproviders\u002Ftasansga\u002Flldap\u002Flatest).\n\nLLDAP is also very scriptable, through its GraphQL API. See the\n[Scripting](docs\u002Fscripting.md) docs for more info.\n\n### Recommended architecture\n\nIf you are using containers, a sample architecture could look like this:\n\n- A reverse proxy (e.g. nginx or Traefik)\n- An authentication service (e.g. Authelia, Authentik or KeyCloak) connected to\n  LLDAP to provide authentication for non-authenticated services, or to provide\n  SSO with compatible ones.\n- The LLDAP service, with the web port exposed to Traefik.\n  - The LDAP port doesn't need to be exposed, since only the other containers\n    will access it.\n  - You can also set up LDAPS if you want to expose the LDAP port to the\n    internet (not recommended) or for an extra layer of security in the\n    inter-container communication (though it's very much optional).\n  - The default LLDAP container starts up as root to fix up some files'\n    permissions before downgrading the privilege to the given user. However,\n    you can (should?) 
use the `*-rootless` version of the images to be able to\n    start directly as that user, once you got the permissions right. Just don't\n    forget to change from the `UID\u002FGID` env vars to the `uid` docker-compose\n    field.\n- Any other service that needs to connect to LLDAP for authentication (e.g.\n  NextCloud) can be added to a shared network with LLDAP. The finest\n  granularity is a network for each pair of LLDAP-service, but there are often\n  coarser granularities that make sense (e.g. a network for the \\*arr stack and\n  LLDAP).\n\n## Client configuration\n\n### Known compatible services\n\nMost services that can use LDAP as an authentication provider should work out\nof the box. For new services, it's possible that they require a bit of tweaking\non LLDAP's side to make things work. In that case, just create an issue with\nthe relevant details (logs of the service, LLDAP logs with `verbose=true` in\nthe config).\n\nSome specific clients have been tested to work and come with sample\nconfiguration files, or guides. See the [`example_configs`](example_configs\u002FREADME.md)\nfolder for example configs for integration with specific services.\n\nIntegration with Linux accounts is possible, through PAM and nslcd. See [PAM\nconfiguration guide](example_configs\u002Fpam\u002FREADME.md). Integration with Windows (e.g. Samba) is WIP.\n\n### General configuration guide\n\nTo configure the services that will talk to LLDAP, here are the values:\n\n- The LDAP user DN is from the configuration. 
By default,\n  `cn=admin,ou=people,dc=example,dc=com`.\n- The LDAP password is from the configuration (same as to log in to the web\n  UI).\n- The users are all located in `ou=people,` + the base DN, so by default user\n  `bob` is at `cn=bob,ou=people,dc=example,dc=com`.\n- Similarly, the groups are located in `ou=groups`, so the group `family`\n  will be at `cn=family,ou=groups,dc=example,dc=com`.\n\nTesting group membership through `memberOf` is supported, so you can have a\nfilter like: `(memberOf=cn=admins,ou=groups,dc=example,dc=com)`.\n\nThe administrator group for LLDAP is `lldap_admin`: anyone in this group has\nadmin rights in the Web UI. Most LDAP integrations should instead use a user in\nthe `lldap_strict_readonly` or `lldap_password_manager` group, to avoid granting full\nadministration access to many services. To prevent privilege escalation users in the\n`lldap_password_manager` group are not allowed to change passwords of admins in the\n`lldap_admin` group.\n\n### Incompatible services\n\nThough we try to be maximally compatible, not every feature is supported; LLDAP\nis not a fully-featured LDAP server, intentionally so.\n\nLDAP browsing tools are generally not supported, though they could be. If you\nneed to use one but it behaves weirdly, please file a bug.\n\nSome services use features that are not implemented, or require specific\nattributes. You can try to create those attributes (see custom attributes in\nthe [Usage](#usage) section).\n\nFinally, some services require password hashes so they can validate themselves\nthe user's password without contacting LLDAP. This is not and will not be\nsupported, it's incompatible with our password hashing scheme (a zero-knowledge\nproof). Furthermore, it's generally not recommended in terms of security, since\nit duplicates the places from which a password hash could leak.\n\nIn that category, the most prominent is Synology. 
It is, to date, the only\nservice that seems definitely incompatible with LLDAP.\n\n## Frequently Asked Questions\n\n- [I can't login](docs\u002Ffaq.md#i-cant-log-in)\n- [Discord Integration](docs\u002Ffaq.md#discord-integration)\n- [Migrating from SQLite](docs\u002Ffaq.md#migrating-from-sqlite)\n- How does lldap compare [with OpenLDAP](docs\u002Ffaq.md#how-does-lldap-compare-with-openldap)? [With FreeIPA](docs\u002Ffaq.md#how-does-lldap-compare-with-freeipa)? [With Kanidm](docs\u002Ffaq.md#how-does-lldap-compare-with-kanidm)?\n- [Does lldap support vhosts?](docs\u002Ffaq.md#does-lldap-support-vhosts)\n- [Does lldap provide commercial support contracts?](docs\u002Ffaq.md#does-lldap-provide-commercial-support-contracts)\n- [Can I make a donation to fund development?](docs\u002Ffaq.md#can-i-make-a-donation-to-fund-development)\n- [Is lldap sustainable? Can we depend on it for our infrastructure?](docs\u002Ffaq.md#is-lldap-sustainable-can-we-depend-on-it-for-our-infrastructure)\n\n## Contributions\n\nContributions are welcome! Just fork and open a PR. Or just file a bug.\n\nWe don't have a code of conduct, just be respectful and remember that it's just\nnormal people doing this for free in their free time.\n\nMake sure that you run `cargo fmt` from the root before creating the PR. And if\nyou change the GraphQL interface, you'll need to regenerate the schema by\nrunning `.\u002Fexport_schema.sh`.\n\nJoin our [Discord server](https:\u002F\u002Fdiscord.gg\u002Fh5PEdRMNyP) if you have any\nquestions!\n","lldap\u002Flldap is a lightweight LDAP implementation designed to simplify authentication. Written in Rust, it has a low resource footprint and is easy to set up and manage, and it provides a friendly web interface for user management and for users to maintain their own details. The project supports integration with a range of backend services, including open-source components such as KeyCloak, Authelia and Nextcloud, and is particularly suited to small self-hosted server environments that need external LDAP authentication but want to avoid complex configuration. In addition, by following a strict secure-coding practice of not using unsafe code, lldap ensures the security and stability of the software.",2,"2026-06-11 03:04:24","top_language"]