Mocking Microsoft Active Directory (AD) with GLAuth on WSL and Ubuntu Server

tanut aran
Mar 25, 2024

The closest thing to a mock of Microsoft Active Directory (AD) that I have found so far is GLAuth.

The project site is https://glauth.github.io/ and the docs page is https://glauth.github.io/docs/

OpenLDAP and phpLDAPadmin are old, hard to set up, and differ in some ways from real AD.

Installation, Up and Running

First, go to the download page https://github.com/glauth/glauth/releases

Select your OS and download the binary.

Mine is Windows WSL, so I use glauth-linux-amd64.

Right-click the file, copy the link, and download it with wget.

wget https://github.com/glauth/glauth/releases/download/v2.3.2/glauth-linux-amd64

chmod +x glauth-linux-amd64

./glauth-linux-amd64

At this point you should see the help screen.

Now create the config file config.cfg and copy the content below into it.

The sample config file from the official docs is hard to follow.

I try to keep it minimal and simple here.

debug = false
[ldap]
enabled = true
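# run on a non-privileged port
# 0.0.0.0 listens on every interface; use 127.0.0.1 to keep the mock local
listen = "0.0.0.0:3893"
# no TLS: bind passwords cross the network in cleartext
tls = false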
[ldaps]
enabled = false
[backend]
datastore = "config"
baseDN = "dc=example,dc=com"
nameformat = "cn"
groupformat = "ou"
[[users]]
name = "staff1"
uidnumber = 5001
mail = "staff1@example.com"
primarygroup = 5501
passsha256 = "2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae" # foo
[[users.customattributes]]
employeeType = ["Officer"]
employeeNumber = [12345]
[[groups]]
name = "finance"
gidnumber = 5501

# How to generate the SHA-256 password hash
# echo -n "foo" | openssl dgst -sha256

Note that customattributes must always be in array format, even when an attribute has only one value.
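An added example (not from the original post or the GLAuth project): a small shell helper that generates a passsha256 value and checks offline which password a user entry accepts, which helps when a bind is rejected. The function names and the sample config are constructed for illustration, and it assumes sha256sum and awk are installed.

```shell
#!/bin/sh
# Added example; helper names are hypothetical and not part of GLAuth.

# Hex SHA-256 of a password, the value the passsha256 field holds.
# printf '%s' hashes the bytes without a trailing newline (same as echo -n).
glauth_hash() {
  printf '%s' "$1" | sha256sum | awk '{print $1}'
}

# Print the passsha256 stored for USERNAME in a GLAuth config file.
# Assumes the flat layout used here: name = "..." comes before passsha256.
stored_hash() {  # usage: stored_hash CONFIG USERNAME
  awk -v user="$2" '
    /^\[\[(users|groups)\]\]/     { in_user = 0 }
    $1 == "name"                  { split($0, q, "\""); in_user = (q[2] == user) }
    in_user && $1 == "passsha256" { split($0, q, "\""); print q[2]; exit }
  ' "$1"
}

# Exit 0 if PASSWORD hashes to the stored value, 1 if not, 2 if user unknown.
check_pass() {  # usage: check_pass CONFIG USERNAME PASSWORD
  want=$(stored_hash "$1" "$2")
  [ -n "$want" ] || { echo "no passsha256 for user '$2'" >&2; return 2; }
  [ "$want" = "$(glauth_hash "$3")" ]
}

# Constructed sample config, reduced to the fields this check reads.
sample_cfg=$(mktemp)
cat > "$sample_cfg" <<'EOF'
[[users]]
name = "staff1"
uidnumber = 5001
passsha256 = "2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae" # foo
[[groups]]
name = "finance"
gidnumber = 5501
EOF

check_pass "$sample_cfg" staff1 foo    && echo "foo: accepted"
check_pass "$sample_cfg" staff1 wrong  || echo "wrong: rejected"
```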

Then run the server

./glauth-linux-amd64 -c config.cfg

Test with the ldapsearch command

If you don’t have ldapsearch, install it with

sudo apt install ldap-utils

Then run a search using the Microsoft Active Directory style bind format

ldapsearch -x -H ldap://localhost:3893 \
-D "staff1@example.com" \
-b "dc=example,dc=com" \
-w foo "(cn=staff1)"

You should see the queried user in the result


employeeType: Officer
employeeNumber: 12345

Bonus: Running as a systemd Service

Go to the folder /etc/systemd/system, create the file glauth.service, and fill it with the following configuration

[Unit]
Description=Mock LDAP by GLAuth

[Service]
User=ubuntu
WorkingDirectory=/home/ubuntu
ExecStart=/home/ubuntu/glauth-linux-amd64 -c config.cfg
# optional items below
Restart=always
RestartSec=3

Then reload systemd and start the service

sudo systemctl daemon-reload
sudo systemctl start glauth.service
sudo systemctl status glauth.service

# Should see active (running)
