Postgres is able to check password of an existing role using the LDAP protocol out of the box. ldap2pg automates the creation, update and removal of PostgreSQL roles and users from an entreprise directory.

Managing roles is close to managing privileges as you expect roles to have proper default privileges. ldap2pg can grant and revoke privileges too.

Features

• Reads settings from an expressive YAML config file.
• Creates, alters and drops PostgreSQL roles from LDAP searches.
• Creates static roles from YAML to complete LDAP entries.
• Manages role parents (alias groups).
• Grants or revokes privileges statically or from LDAP entries.
• Dry run, check mode.
• Logs LDAP searches as ldapsearch(1) commands.
• Logs every SQL statements.

Installation

Download package or binary from Releases page.

ldap2pg is licensed under PostgreSQL license.

Support

The documentation includes a cookbook with many recipes for common deployment pattern. If you hit a bug or didn't found what you need in documentation, drop an issue on GitHub project.