

Show HN: Foxpass – SaaS LDAP backed by existing Google Apps identity [beta] - aren
https://www.foxpass.com

======
aren
I’ve set up an LDAP server at several companies and was always frustrated by
how arcane they are to build and operate. So I built a SaaS one (well, a beta
anyway) that’s easy to use with a simple web interface for group management,
integrates with Google Apps (which is the core identity used by most young
companies now), and is scalable and fully redundant. It also serves SSH keys
directly to sshd, so users can take care of their own key management (and
soon, admins can enforce password and key rotation schedules).

HN, I’d love your feedback!

~~~
benjarrell
Sorry, noticed that you submitted and your name is on the website!

------
chunsaker
One question: How are you securing the OAuth connection? OAuth2 is
nervous-making.

Ok, one more question: If I deprovision someone in GApps, will they
automatically deprovision elsewhere? Vice versa? Where's the source of truth?

~~~
aren
Great questions.

I think that OAuth2 is all that Google supports right now for Google Apps
authentication, at least according to
[https://developers.google.com/accounts/docs/OAuth2](https://developers.google.com/accounts/docs/OAuth2).

And yes, if a user is deprovisioned in GApps then their LDAP credentials are
suspended until they are re-activated. The goal of Foxpass is to make GApps
the source of truth.

------
zackangelo
This is a great idea and something I've searched for in the past when looking
for a way to authenticate our own internal apps using Google Apps credentials.

------
toli
I know Aren from school, and I am familiar with the multitude of problems he
has solved at various companies. This should be a plug-and-play solution for
others!

------
benjarrell
This looks really nice! LDAP always seems to take some finessing to work
right.

Do you support starttls?

~~~
aren
Thanks! "ldaps" (ldap over ssl) is supported (required, actually) but not
starttls (yes).

