ldap2pg is a simple yet powerful tool to synchronize Postgres roles and ACLs from LDAP directories, including OpenLDAP and Active Directory.

Project goals include stability, portability, high configurability, state of the art code quality and nice user experience.


Highlighted features

  • Creates, alter and drops PostgreSQL roles from LDAP queries.
  • Creates static roles from YAML to complete LDAP entries.
  • Manage role members (alias groups).
  • Grant or revoke ACL statically or from LDAP entries.
  • Dry run.
  • Logs LDAP queries as ldapsearch commands.
  • Logs every SQL queries.
  • Reads settings from an expressive YAML config file.

Quick installation

Just use PyPI as any regular Python project:

# apt install -y libldap2-dev libsasl2-dev
# pip3 install ldap2pg
# ldap2pg --help

Now you must configure Postgres and LDAP connections, then synchronisation map in ldap2pg.yml. The dumb but tested ldap2pg.yml is a good way to start.

# curl -LO https://github.com/dalibo/ldap2pg/raw/master/ldap2pg.yml
# editor ldap2pg.yml

Finally, it’s up to you to use ldap2pg in a crontab or a playbook. Have fun!