{"id":13457445,"url":"https://github.com/dalibo/ldap2pg","last_synced_at":"2025-05-15T01:07:35.594Z","repository":{"id":37484662,"uuid":"94523624","full_name":"dalibo/ldap2pg","owner":"dalibo","description":":elephant: :busts_in_silhouette: Manage PostgreSQL roles and privileges from YAML or LDAP","archived":false,"fork":false,"pushed_at":"2025-04-08T15:07:38.000Z","size":4442,"stargazers_count":216,"open_issues_count":11,"forks_count":36,"subscribers_count":18,"default_branch":"master","last_synced_at":"2025-04-13T23:53:39.870Z","etag":null,"topics":["acl","directory","golang","ldap","postgresql","privileges","roles","security","users","yaml"],"latest_commit_sha":null,"homepage":"https://labs.dalibo.com/ldap2pg","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"postgresql","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dalibo.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2017-06-16T08:36:30.000Z","updated_at":"2025-04-08T14:53:05.000Z","dependencies_parsed_at":"2023-01-25T05:45:47.132Z","dependency_job_id":"7aca56ab-b1a0-475c-931f-47162702ea06","html_url":"https://github.com/dalibo/ldap2pg","commit_stats":{"total_commits":1719,"total_committers":25,"mean_commits":68.76,"dds":0.03432228039557883,"last_synced_commit":"a450e43827ac1d01cd51a2aaa987822971db88f4"},"previous_names":[],"tags_count":64,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dalibo%2Fldap2pg","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dalibo%2Fldap2pg/tags","release
s_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dalibo%2Fldap2pg/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dalibo%2Fldap2pg/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dalibo","download_url":"https://codeload.github.com/dalibo/ldap2pg/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254254041,"owners_count":22039792,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["acl","directory","golang","ldap","postgresql","privileges","roles","security","users","yaml"],"created_at":"2024-07-31T09:00:16.893Z","updated_at":"2025-05-15T01:07:30.570Z","avatar_url":"https://github.com/dalibo.png","language":"Go","readme":"\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://labs.dalibo.com/ldap2pg\" rel=\"nofollow\" class=\"rich-diff-level-one\"\u003e\n    \u003cimg alt=\"ldap2pg: PostgreSQL role and privileges management\" src=\"https://github.com/dalibo/ldap2pg/raw/master/docs/img/logo-phrase.png\"/\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cstrong\u003eSwiss-army knife to synchronize Postgres roles and privileges from YAML or LDAP.\u003c/strong\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://ldap2pg.rtfd.io/\" rel=\"nofollow\" class=\"rich-diff-level-one\"\u003e\n    \u003cimg src=\"https://readthedocs.org/projects/ldap2pg/badge/?version=latest\" alt=\"Documentation\" /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://circleci.com/gh/dalibo/ldap2pg\" 
rel=\"nofollow\" class=\"rich-diff-level-one\"\u003e\n    \u003cimg src=\"https://circleci.com/gh/dalibo/ldap2pg.svg?style=shield\" alt=\"Continuous Integration report\" /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://hub.docker.com/r/dalibo/ldap2pg\" rel=\"nofollow\" class=\"rich-diff-level-one\"\u003e\n    \u003cimg alt=\"Docker Cloud Automated build\" src=\"https://img.shields.io/docker/cloud/automated/dalibo/ldap2pg\"\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n\nPostgres is able to check the password of an existing role using the LDAP protocol out of the box.\nldap2pg automates the creation, update and removal of PostgreSQL roles and users from an enterprise directory.\n\nManaging roles is close to managing privileges as you expect roles to have proper default privileges.\nldap2pg can grant and revoke privileges too.\n\n\n# Features\n\n- Reads settings from an expressive YAML config file.\n- Creates, alters and drops PostgreSQL roles from LDAP searches.\n- Creates static roles from YAML to complete LDAP entries.\n- Manages role parents (alias *groups*).\n- Grants or revokes privileges statically or from LDAP entries.\n- Dry run, check mode.\n- Logs LDAP searches as `ldapsearch(1)` commands.\n- Logs **every** SQL statement.\n\nHere is a sample configuration and execution:\n\n``` console\n$ cat ldap2pg.yml\nversion: 6\n\nrules:\n- role:\n    name: nominal\n    options: NOLOGIN\n    comment: \"Database owner\"\n- ldapsearch:\n    base: ou=people,dc=ldap,dc=ldap2pg,dc=docker\n    filter: \"(objectClass=organizationalPerson)\"\n  role:\n    name: '{cn}'\n    options:\n      LOGIN: yes\n      CONNECTION LIMIT: 5\n$ ldap2pg --real\n08:25:12 INFO   Starting ldap2pg                                 version=v6.0-alpha5 runtime=go1.21.0 commit=\u003cnone\u003e\n08:25:12 INFO   Using YAML configuration file.                   path=docs/readme/ldap2pg.yml\n08:25:12 INFO   Running as unprivileged user.                    
user=ldap2pg super=false server=\"PostgreSQL 15.3\" cluster=ldap2pg-dev database=nominal\n08:25:12 INFO   Connected to LDAP directory.                     uri=ldaps://ad.bridoulou.fr authzid=\"dn:cn=administrator,cn=users,dc=bridoulou,dc=fr\"\n08:25:12 INFO   Real mode. Postgres instance will modified.\n08:25:12 CHANGE Create role.                                     role=charles database=nominal\n08:25:12 CHANGE Set role comment.                                role=charles database=nominal\n08:25:12 CHANGE Inherit role for management.                     role=charles database=nominal\n08:25:12 CHANGE Alter options.                                   role=alain options=\"LOGIN CONNECTION LIMIT 5\" database=nominal\n08:25:12 CHANGE Terminate running sessions.                      role=omar database=nominal\n08:25:12 CHANGE Allow current user to reassign objects.          role=omar parent=ldap2pg database=nominal\n08:25:12 CHANGE Reassign objects and purge ACL.                  role=omar owner=nominal database=nominal\n08:25:12 CHANGE Drop role.                                       role=omar database=nominal\n08:25:12 INFO   Comparison complete.                             elapsed=68.47058ms mempeak=1.6MiB postgres=15.323294ms queries=8 ldap=635.894µs searches=1\n$\n```\n\n\n# Installation\n\nDownload package or binary from [Releases page](https://github.com/dalibo/ldap2pg/releases).\n\n``` console\n$ sudo yum install https://github.com/dalibo/ldap2pg/releases/download/v6.1/ldap2pg_6.1_linux_amd64.rpm\n...\nInstalled:\n  ldap2pg-6.1-1.x86_64\n\nComplete!\n$ ldap2pg --help\nusage: ldap2pg [OPTIONS] [dbname]\n\n      --check              Check mode: exits with 1 if Postgres instance is unsynchronized.\n      --color              Force color output. (default true)\n  -c, --config string      Path to YAML configuration file. 
Use - for stdin.\n  -C, --directory string   Path to directory containing configuration files.\n  -?, --help               Show this help message and exit.\n  -q, --quiet count        Decrease log verbosity.\n  -R, --real               Real mode. Apply changes to Postgres instance.\n  -P, --skip-privileges    Turn off privilege synchronisation.\n  -v, --verbose count      Increase log verbosity.\n  -V, --version            Show version and exit.\n\n\nOptional argument dbname is alternatively the database name or a conninfo string or an URI.\nSee man psql(1) for more information.\n\nBy default, ldap2pg runs in dry mode.\nldap2pg requires a configuration file to describe LDAP searches and mappings.\nSee https://ldap2pg.readthedocs.io/en/latest/ for further details.\n$\n```\n\n`ldap2pg` is licensed under the [PostgreSQL license](https://opensource.org/licenses/postgresql).\n\nldap2pg **requires** a configuration file called `ldap2pg.yaml`.\nThe project ships a [tested ldap2pg.yml](https://github.com/dalibo/ldap2pg/blob/master/ldap2pg.yml) as a starting point.\n\n``` console\n# curl -LO https://github.com/dalibo/ldap2pg/raw/master/ldap2pg.yml\n# editor ldap2pg.yml\n```\n\nFinally, it's up to you to use `ldap2pg` in a crontab or a playbook.\nHave fun!\n\n`ldap2pg` is reported to work with [Samba Directory](https://www.samba.org/),\n[OpenLDAP](https://www.openldap.org/),\n[FreeIPA](https://www.freeipa.org/),\nOracle Internet Directory and\nMicrosoft Active Directory.\n\n\n# Support\n\nIf you need support\nand you didn't find it in the [documentation](https://ldap2pg.readthedocs.io/),\njust drop a question in a [GitHub discussion](https://github.com/dalibo/ldap2pg/discussions)!\nFrench accepted.\nIf you hit a bug or miss a feature, open a [GitHub issue](https://github.com/dalibo/ldap2pg/issues/new).\nDon't miss the [cookbook](https://ldap2pg.readthedocs.io/en/latest/cookbook/) for advanced use cases.\n\n\n# Authors\n\nldap2pg is a [Dalibo Labs](https://labs.dalibo.com/) 
project.\n\n- [Étienne BERSAC](https://github.com/bersace) is the maintainer.\n- [Damien Cazeils](https://www.damiencazeils.com) designed the logo.\n- [Harold le CLÉMENT de SAINT-MARCQ](https://github.com/hlecleme) implemented LDAP sub searches.\n- [Randolph Voorhies](https://github.com/randvoorhies) implemented role configuration synchronization.\n","funding_links":[],"categories":["Compiled list","Uncategorized","Utilities"],"sub_categories":["plv8:","Uncategorized"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdalibo%2Fldap2pg","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdalibo%2Fldap2pg","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdalibo%2Fldap2pg/lists"}