Project Lightwave is an open source project comprised of enterprise-grade, identity and access management services targeting critical security, governance, and compliance challenges for Cloud-Native Apps within the enterprise. Through integration with Project Photon, Project Lightwave can provide security and governance for container workloads. Project Lightwave can also serve a variety of use cases such as single sign-on, authentication, authorization and certificate authority, as well as certificate key management services across the entire infrastructure and application stack. Project Lightwave is based on a production quality code and an enterprise-grade architecture that is multi-tenant, scalable, and highly available multi master replication topology.
Project Lightwave is made up of the following key identity infrastructure elements:
- Lightwave Directory Service - standards based, multi-tenant, multi-master, highly scalable LDAP v3 directory service enables an enterprise’s infrastructure to be used by the most-demanding applications as well as by multiple teams.
- Lightwave Certificate Authority - directory integrated certificate authority helps to simplify certificate-based operations and key management across the infrastructure.
- Lightwave Certificate Store - endpoint certificate store to store certificate credentials.
- Lightwave Authentication Services - cloud authentication services with support for Kerberos, OAuth 2.0/OpenID Connect, SAML and WSTrust enable interoperability with other standards-based technologies in the data center.
- Lightwave Domain Name Services - directory integrated domain name service to ensure Kerberos Authentication to the Directory Service and Authentication Service (STS). It also support for site-affinity using SRV records as well as DNS Forwarders.
Lightwave uses following existing open source packages.
- OpenLDAP
OpenLDAP is used for the LDAP server protocol head and the OpenLDAP Lightning MDB embedded database is used as the underlying LDAP store
- Heimdal Kerberos
The Heimdal Kerberos stack is used as the Kerberos protocol head.
- DCE/RPC
DCE/RPC is used as the control infrastructure for configuration of the Lightwave LDAP directory service
- Likewise Open
The Likewise Open stack is used for its service control infrastructure, its registry infrastructure and its NT Security Descriptor support. Likewise Open also provides a easy mechanism to provide ssh support for Lightwave clients The first three packages are co-located within the Lightwave project. The Likewise Open project is a separate project and needs to be built from a separate git repository. A binary RPM is also available, please see instructions below to add the repository.
git clone ssh://[email protected]/vmware/lightwave.git
These build instructions are to build Lightwave on VMware's Photon Linux distribution. (See wiki for building on other platforms)
-
Clone lightwave git repository onto your Photon (Full) installation.
-
Ensure likewise-open-devel-6.2..x86_64.rpm is installed on your Photon system.
-
Run ./build_photon.sh* in [workspace]/build
-
As part of a successful build, the following RPMs should be created in the [workspace]/build/stage directory
-
lightwave-1.3.0-0.x86_64.rpm
-
lightwave-client-1.3.0-0.x86_64.rpm
-
lightwave-devel-1.3.0-0.x86_64.rpm
-
lightwave-post-1.3.0-0.x86_64.rpm
-
lightwave-mutentca-1.3.0-0.x86_64.rpm
-
lightwave-server-1.3.0-0.x86_64.rpm
-
A Lightwave platform comprises of Lightwave Domain Controllers and Lightwave Domain Clients.
Pre-built binaries for Lightwave are available through the following YUM repositories that can be configured on your Photon deployment.
After the following YUM repositories have been configured, it should be possible to install the Lightwave Domain Controller and Lightwave Clients using "tdnf install vmware-lightwave-server" and "tdnf install vmware-lightwave-clients" respectively.
Note : After configuring the following YUM repositories, please disable the photon-iso.repo; this is achieved by setting "enabled=0" in /etc/yum.repos.d/photon-iso.repo.
Create the file "/etc/yum.repos.d/lightwave.repo" with the following contents.
[lightwave]
name=VMware Lightwave 1.0(x86_64)
baseurl=https://dl.bintray.com/vmware/lightwave
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY
gpgcheck=0
enabled=1
skip_if_unavailable=True
[lightwave]
name=VMware Lightwave for Photon 2.0(x86_64)
baseurl=https://vmware.bintray.com/lightwave-dev/photon_2.0/master
gpgcheck=0
enabled=1
skip_if_unavailable=True
EOM
Create the file "/etc/yum.repos.d/photon-extras.repo" with the following contents.
[photon-extras]
name=VMware Photon Extras 1.0(x86_64)
baseurl=https://dl.bintray.com/vmware/photon_extras
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY
gpgcheck=0
enabled=1
skip_if_unavailable=True
[photon-extras]
name=VMware Photon Extras 2.0(x86_64)
baseurl=https://dl.bintray.com/vmware/photon_extras_$releasever_$basearch
gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY
gpgcheck=1
enabled=1
skip_if_unavailable=True
You must first install the following packages on your Photon instance
- lightwave-client
- lightwave-server
- lightwave
For installing these simply execute the following tdnf commands:
tdnf makecache
tdnf install lightwave-client lightwave lightwave-server
tdnf makecache
tdnf install lightwave-client-1.3.1 lightwave-1.3.1 lightwave-server-1.3.1
This should pull all required depencies for lightwave.
This is step is required for every lightwave node. Edit the /etc/hosts file to look like given below: NOTE You should replace the variables with appropriate values as they may not be set by default on a fresh PhotonOS install.
echo -e "127.0.0.1\tlocalhost" > /etc/hosts
echo -e "${VM_IP}\t${VM_HOSTNAME}.${VM_DOMAIN_NAME} ${VM_HOSTNAME}" >> /etc/hosts
hostnamectl set-hostname --static ${VM_HOSTNAME}
Note that the VM_DOMAIN_NAME can be chosen for the first server and should be the same for all partner nodes in a cluster.
/opt/vmware/bin/configure-lightwave-server --password <password>
/opt/vmware/bin/configure-lightwave-server --password <password> \
--server <hostname or ip-address of partner instance>
Notes:
-
The password specified for the domain administrator must be at least 8 characters, include an upper case letter, a lower case letter, a digit and a special character.
-
Make sure to assign a static ip address or a dhcp-address with a reservation to the system before promoting it to be a domain controller.
The following packages are required to join the Photon system to the Lightwave Domain.
- lightwave-client-1.3.0-0.x86_64.rpm
If using the YUM repositories for the pre-built binaries, install the Lightwave Domain Client using "tdnf install vmware-lightwave-clients".
/opt/vmware/bin/domainjoin join <domain hostname>
You are invited to contribute new features, fixes, or updates, large or small; we are always thrilled to receive pull requests, and do our best to process them as fast as we can. If you wish to contribute code and you have not signed our contributor license agreement (CLA), our bot will update the issue when you open a Pull Request. For any questions about the CLA process, please refer to our FAQ.
Before you start to code, we recommend discussing your plans through a GitHub issue or discuss it first with the official project maintainers via the #Lightwave Slack Channel, especially for more ambitious contributions. This gives other contributors a chance to point you in the right direction, give you feedback on your design, and help you find out if someone else is working on the same thing.
Lightwave is available under the Apache 2 license.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent