Show HN: Foxpass – SaaS LDAP backed by existing Google Apps identity [beta] (foxpass.com)
25 points by aren on Feb 12, 2015 | 9 comments



I’ve set up an LDAP server at several companies and was always frustrated by how arcane they are to build and operate. So I built a SaaS one (well, a beta anyway) that’s easy to use with a simple web interface for group management, integrates with Google Apps (which is the core identity used by most young companies now), and is scalable and fully redundant. It also serves SSH keys directly to sshd, so users can take care of their own key management (and soon, admins can enforce password and key rotation schedules).

HN, I’d love your feedback!


Sorry, noticed that you submitted and your name is on the website!


[deleted]


It is.


One question: How are you securing the OAuth connection? OAuth2 is nervous-making.

Ok, one more question: If I deprovision someone in GApps, will they automatically deprovision elsewhere? Vice versa? Where's the source of truth?


Great questions.

I think that OAuth2 is all that Google supports right now for Google Apps authentication, at least according to https://developers.google.com/accounts/docs/OAuth2.

And yes, if a user is deprovisioned in GApps then their LDAP credentials are suspended until they are re-activated. The goal of Foxpass is to make GApps the source of truth.


This is a great idea and something I've searched for in the past when looking for a way to authenticate our own internal apps using Google Apps credentials.


I know Aren from school, and I am familiar with the multitude of problems he has solved at various companies. This should be a plug-and-play solution for others!


This looks really nice! LDAP always seems to take some finessing to work right.

Do you support starttls?


Thanks! "ldaps" (ldap over ssl) is supported (required, actually) but not starttls (yes).



