Postgres is able to check password of an existing role using the LDAP protocol out of the box. ldap2pg automates the creation, update and removal of PostgreSQL roles and users from an entreprise directory.
Managing roles is close to managing privileges as you expect roles to have proper default privileges. ldap2pg can grant and revoke privileges too.
- Reads settings from an expressive YAML config file.
- Creates, alters and drops PostgreSQL roles from LDAP searches.
- Creates static roles from YAML to complete LDAP entries.
- Manages role parents (alias groups).
- Grants or revokes privileges statically or from LDAP entries.
- Dry run, check mode.
- Logs LDAP searches as
- Logs every SQL statements.
ldap2pg is licensed under PostgreSQL license.
ldap2pg requires a configuration file called
Project ships a tested ldap2pg.yml as a starting point.
ldap2pg is a Dalibo Labs project.