ldap2pg

Out of the box, PostgreSQL is able to check password of an existing role using the LDAP protocol. ldap2pg automates the creation, update and removal of PostgreSQL roles and users from an entreprise directory.

Managing roles is close to managing privileges as you expect roles to have proper default privileges. ldap2pg can grant and revoke privileges too.

Features

• Reads settings from an expressive YAML config file.
• Creates, alters and drops PostgreSQL roles from LDAP searches.
• Creates static roles from YAML to complete LDAP entries.
• Manages role parents (alias groups).
• Grants or revokes privileges statically or from LDAP entries.
• Dry run, check mode.
• Logs LDAP searches as ldapsearch(1) commands.
• Logs every SQL statements.

ldap2pg is licensed under PostgreSQL license.

ldap2pg requires a configuration file called ldap2pg.yaml. Project ships a tested ldap2pg.yml as a starting point.

ldap2pg is reported to work with Samba DC, OpenLDAP, FreeIPA, Oracle Internet Directory and Microsoft Active Directory.

Support

If you need support and you didn’t found it in documentation, just drop a question in a GitHub discussions! 🇫🇷 Possible en français. Don’t miss the cookbook for advanced use cases.

Authors

ldap2pg is a Dalibo Labs project.

• Étienne BERSAC and Pierre-Louis GONON develop.
• Damien Cazeils designed the logo.
• Harold le CLÉMENT de SAINT-MARCQ implemented LDAP sub searches.
• Randolph Voorhies implemented role configuration synchronization.