Skip to content



Postgres is able to check password of an existing role using the LDAP protocol out of the box. ldap2pg automates the creation, update and removal of PostgreSQL roles and users from an entreprise directory.

Managing roles is close to managing privileges as you expect roles to have proper default privileges. ldap2pg can grant and revoke privileges too.



  • Reads settings from an expressive YAML config file.
  • Creates, alters and drops PostgreSQL roles from LDAP searches.
  • Creates static roles from YAML to complete LDAP entries.
  • Manages role parents (alias groups).
  • Grants or revokes privileges statically or from LDAP entries.
  • Dry run, check mode.
  • Logs LDAP searches as ldapsearch(1) commands.
  • Logs every SQL statements.

ldap2pg is licensed under PostgreSQL license.

ldap2pg requires a configuration file called ldap2pg.yaml. Project ships a tested ldap2pg.yml as a starting point.

ldap2pg is reported to work with OpenLDAP, FreeIPA, Oracle Internet Directory and Microsoft Active Directory.


If you need support and you didn’t found it in documentation, just drop a question in a GitHub issue! French accepted. Don’t miss the cookbook for advanced use cases.


ldap2pg is a Dalibo Labs project.