Swiss-army knife to synchronize Postgres roles and ACLs from any LDAP directory.
- Creates, alter and drops PostgreSQL roles from LDAP queries.
- Creates static roles from YAML to complete LDAP entries.
- Manage role members (alias groups).
- Grant or revoke custom ACL statically or from LDAP entries.
- Dry run.
- Logs LDAP queries as
ldapsearch
commands. - Logs every SQL queries.
- Reads settings from YAML config file.
Here is a sample configuration and execution:
$ cat ldap2pg.minimal.yml
sync_map:
- role:
name: ldap
options: NOLOGIN
- ldap:
base: ou=people,dc=ldap,dc=ldap2pg,dc=docker
filter: "(objectClass=organizationalRole)"
attribute: cn
role:
name_attribute: cn
options: LOGIN
parent: ldap
$ ldap2pg --color --config ldap2pg.minimal.yml --real 2>&1 | sed s,bersace,...,g
Starting ldap2pg 2.0a3.
Using /home/.../src/dalibo/ldap2pg/ldap2pg.minimal.yml.
Running in real mode.
Inspecting Postgres...
Querying LDAP ou=people,dc=ldap,dc=ldap2pg,dc=docker...
Create alan.
Create albert.
Create dave.
Create donald.
Create ldap.
Add ldap members.
Update options of alice.
Reassign oscar objects and purge ACL on frontend.
Reassign oscar objects and purge ACL on postgres.
Reassign oscar objects and purge ACL on template1.
Drop oscar.
Synchronization complete.
$
See versionned ldap2pg.yml and documentation for further options.
Install it from PyPI tarball:
pip install ldap2pg
More details can be found in documentation.
ldap2pg
is licensed under PostgreSQL license.