Swiss-army knife to synchronize Postgres roles and privileges from YAML or LDAP.
- Creates, alters and drops PostgreSQL roles from LDAP queries.
- Creates static roles from YAML to complete LDAP entries.
- Manages role members (alias groups).
- Grants or revokes privileges statically or from LDAP entries.
- Dry run.
- Logs LDAP queries as
ldapsearchcommands. - Logs every SQL query.
- Reads settings from an expressive YAML config file.
Here is a sample configuration and execution:
$ cat docs/ldap2pg.minimal.yml
- role:
name: ldap_roles
options: NOLOGIN
- ldap:
base: ou=people,dc=ldap,dc=ldap2pg,dc=docker
filter: "(objectClass=organizationalRole)"
role:
name: '{cn}'
options: LOGIN
parent: ldap_roles
$ ldap2pg --config docs/ldap2pg.minimal.yml --real
Starting ldap2pg 4.9.
Using .../docs/ldap2pg.minimal.yml.
Running in real mode.
Inspecting roles in Postgres cluster...
Querying LDAP ou=people,dc=ldap,dc=lda... (objectClass...
Create albert.
Create alter.
Create didier.
Create dorothée.
Create ldap_roles.
Update options of alan.
Update options of alice.
Add missing ldap_roles members.
Delete spurious ldap_roles members.
Reassign oscar objects and purge ACL on appdb.
Reassign oscar objects and purge ACL on olddb.
Drop oscar.
Synchronization complete.
$
See versionned ldap2pg.yml and documentation for further options.
Install it from PyPI tarball:
pip install ldap2pg pyscopg2-binary
More details can be found in documentation.
ldap2pg is licensed under PostgreSQL license. ldap2pg is available with
the help of wonderful people, jump to contributors list to see them.
If you need support and you didn't found it in documentation, just drop a question in a GitHub issue! Don't miss the cookbook. You're welcome!