LDAP Centralized Authentication #73

Open
Zamanry opened this issue Aug 29, 2022 · 3 comments
Labels
enhancement New feature or request
Zamanry commented Aug 29, 2022

Hello, love the project! My company has been using Cracklord for years. We would like to deploy Python-based tooling like this repository on our cracking systems. However, we need to have it Active Directory connected. Have you considered adding LDAP and LDAPS support? Would love this feature in addition to adding local accounts.

Contributor

i128 commented Aug 30, 2022

Yes, this is something we'd love to implement in the future. I don't think it'll be in the next release, but hopefully down the road it will be.

@i128 i128 added the enhancement New feature or request label Aug 30, 2022
@i128 i128 added this to the v0.8.2 milestone Aug 30, 2022
@Yoshi325 Yoshi325 added this to On Deck in v0.8.2 Jan 17, 2023
@tautology0

Can I add a +1 for this - we're looking at migrating from crackerjack to hashview; but the lack of LDAP is a big sticking point.

Contributor

i128 commented May 7, 2024

So I think one of the challenges I need to figure out is how to handle multiple scenarios for different authentication backends.

  1. database
  2. on prem LDAP
  3. Azure/Entra

Things to consider:

  • How do we handle access to the app if 2/3 are inaccessible?
  • Currently users are assigned a unique ID in the DB. From there, objects created within hashview are associated with those user IDs. Wordlists, tasks, etc. How does switching to LDAP/Azure/Entra affect that? Do we still add users to a local database and then just point to the 3rd party for authentication? Do we require a unique LDAP attribute as the user ID for object ownership?
  • What happens when a user is removed from AD? What happens to the objects in hashview? Currently, when a user is removed from the database, a flow is triggered to remove any associated wordlists/rules, etc. Perhaps an option would be to re-assign them, but to whom? An admin?
  • Do we keep admins as local auth against a DB?

Let's say this is all answered and solved. Then we need to figure out how to migrate existing users to LDAP users, or at least their object ownership.
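
One possible shape for the questions raised in the comment above, as an added sketch that is not part of the thread and not hashview code: local rows keep owning objects, directory users are linked by an immutable external ID, local accounts stay usable when the directory is down, and removal reassigns objects. `Store`, `login`, `deprovision`, `ldap_bind` and `local_check` are hypothetical names, and the directory is stubbed by a callable rather than a real LDAP client.

```python
from dataclasses import dataclass, field
from typing import Optional

class BackendUnavailable(Exception):
    """Raised by a directory backend that cannot be reached."""

@dataclass
class User:
    id: int                            # local key that owns wordlists, tasks, ...
    name: str
    source: str                        # "local" or "ldap"
    external_id: Optional[str] = None  # immutable directory attribute (assumed)

@dataclass
class Store:                           # in-memory stand-in for the users table
    users: dict = field(default_factory=dict)   # user id -> User
    owner: dict = field(default_factory=dict)   # object name -> user id
    next_id: int = 1

    def add(self, name, source, external_id=None):
        user = User(self.next_id, name, source, external_id)
        self.users[user.id] = user
        self.next_id += 1
        return user

    def find(self, **attrs):
        return next((u for u in self.users.values()
                     if all(getattr(u, k) == v for k, v in attrs.items())), None)

def login(store, name, password, ldap_bind, local_check):
    """Return the local User row for a successful login, else None."""
    local = store.find(name=name, source="local")
    if local:                          # break-glass accounts never touch the directory
        return local if local_check(name, password) else None
    try:
        ext = ldap_bind(name, password)   # external id, or None on bad credentials
    except BackendUnavailable:
        return None                    # fail closed for directory users
    if ext is None:
        return None
    user = store.find(external_id=ext) or store.add(name, "ldap", ext)
    user.name = name                   # a rename in the directory keeps ownership
    return user

def deprovision(store, user_id, heir_id):
    """Remove a user but hand their objects to heir_id instead of deleting them."""
    for obj, uid in store.owner.items():
        if uid == user_id:
            store.owner[obj] = heir_id
    del store.users[user_id]
```

Existing local users could be migrated in this model by setting `source` and `external_id` on their current rows, which leaves their user IDs and object ownership unchanged.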

Projects
v0.8.2
On Deck

3 participants