ldap2pg is a simple yet powerful tool to synchronize Postgres roles and ACLs
from LDAP directories, including OpenLDAP and Active Directory.
Project goals include stability, portability, high configurability, state of the art code quality and nice user experience.
- Creates, alter and drops PostgreSQL roles from LDAP queries.
- Creates static roles from YAML to complete LDAP entries.
- Manage role members (alias groups).
- Grant or revoke ACL statically or from LDAP entries.
- Dry run.
- Logs LDAP queries as
- Logs every SQL queries.
- Reads settings from an expressive YAML config file.
Just use PyPI as any regular Python project:
# apt install -y libldap2-dev libsasl2-dev # pip3 install ldap2pg # ldap2pg --help
# curl -LO https://github.com/dalibo/ldap2pg/raw/master/ldap2pg.yml # editor ldap2pg.yml
Finally, it’s up to you to use
ldap2pg in a crontab or a playbook. Have fun!