README
¶
LDAP Bridge for Google Workspace
This service implement an LDAP server using user and group information from Google Workspace Admin API.
The server is intended to be used as a group mapping info provider for Palo Alto Networks firewalls.
Setup
- Set
GOOGLE_APPLICATION_CREDENTIALS=/path/to/serviceaccount.json(see next section) - Run Docker with
--impersonate domain-admin@example.com --base-dn example.com
Service account
If using service account for authentication, make sure it is configured for Domain-wide delegation.
Scopes needed
- https://www.googleapis.com/auth/admin.directory.user.readonly
- https://www.googleapis.com/auth/admin.directory.group.readonly
- https://www.googleapis.com/auth/admin.directory.group.member.readonly
Directory layout
See docs
Caveats
- This dump the entire Google directory (users/groups) into memory, so it would take long time to start
memberOfon user is not implemented- Binds is not implemented. Any bind on the base DN would return success
- SASL is not implemented in the upstream library. Don't send SASL request to this server!
- This is NOT a drop in replacement for Secure LDAP service
License
Documentation
¶
There is no documentation for this package.
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.