Project description

Apricot

Apricot is a proxy for delegating LDAP requests to an OpenID Connect backend. The name is a slightly tortured acronym for: LDAP proxy for OpenID Connect.

Usage

Start the Apricot server on port 8080 by running:

python run.py --client-id "<your client ID>" --client-secret "<your client secret>" --backend "<your backend>" --port 8080 --domain "<your domain name>"

This will create an LDAP tree that looks like this:

dn: DC=<your domain>
objectClass: dcObject

dn: OU=users,DC=<your domain>
objectClass: organizationalUnit
ou: users

dn: OU=groups,DC=<your domain>
objectClass: organizationalUnit
ou: groups

Each user will have an entry like

dn: CN=<user name>,OU=users,DC=<your domain>
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: user
<user data fields here>

Each group will have an entry like

dn: CN=<group name>,OU=groups,DC=<your domain>
objectClass: group
objectClass: top
<group data fields here>

OpenID Connect

Instructions for specific OpenID Connect backends below.

Microsoft Entra

You will need to use the following command line arguments:

--backend MicrosoftEntra --entra-tenant-id "<your tenant ID>"

You will need to register an application to interact with Microsoft Entra. Do this as follows:

Create a new App Registration in your Microsoft Entra.
- Set the name to whatever you choose (in this example we will use apricot)
- Set access to Accounts in this organizational directory only.
- Set Redirect URI to Public client/native (mobile & desktop) with a value of urn:ietf:wg:oauth:2.0:oob
Under Certificates & secrets add a New client secret
- Set the description to Apricot Authentication Secret
- Set the expiry time to whatever is relevant for your use-case
- You must record the value of this secret at creation time, as it will not be visible later.
Under API permissions:
- Ensure that the following permissions are enabled
  - Microsoft Graph > User.Read.All (application)
  - Microsoft Graph > GroupMember.Read.All (application)
- Select this and click the Grant admin consent button (otherwise manual consent is needed from each user)

Project details

These details have not been verified by PyPI

Project links

Release history Release notifications | RSS feed

0.0.6

May 31, 2024

0.0.4

Oct 2, 2023

This version

0.0.3

Sep 28, 2023

0.0.2

Sep 28, 2023

0.0.1

Sep 26, 2023

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

apricot_server-0.0.3.tar.gz (9.0 kB view hashes)

Uploaded Sep 28, 2023 Source

Built Distribution

apricot_server-0.0.3-py3-none-any.whl (11.9 kB view hashes)

Uploaded Sep 28, 2023 Python 3

Hashes for apricot_server-0.0.3.tar.gz

Hashes for apricot_server-0.0.3.tar.gz
Algorithm	Hash digest
SHA256	`5dbed411d57f0ec38913e97ceac020e9e3118147464226d300d37c8fed45909d`
MD5	`1d5f6e5eedb28fb941ad181d3956e1c2`
BLAKE2b-256	`8b9cd29c13ad1a7d0f5660e45dcd199b01886200589cf4498db3b592ef1d5e39`

Hashes for apricot_server-0.0.3-py3-none-any.whl

Hashes for apricot_server-0.0.3-py3-none-any.whl
Algorithm	Hash digest
SHA256	`0622bf766f40795094239cb361bcf393bbf3366520336f2ebdffc14ca00e52ba`
MD5	`d91e5431ac44af8dcdae368140a3a741`
BLAKE2b-256	`dcff03bd73d83dc003dea6cc896fd693f44960c6befb3f7049b745f30e745073`