PostgreSQL roles and privilege management;

Swiss-army knife to synchronize Postgres roles and privileges from YAML or LDAP.

Postgres is able to check password of an existing role using the LDAP protocol out of the box. ldap2pg automates the creation, update and removal of PostgreSQL roles and users from an entreprise directory.

Managing roles is close to managing privileges as you expect roles to have proper default privileges. ldap2pg can grant and revoke privileges too.


  • Reads settings from an expressive YAML config file.
  • Creates, alters and drops PostgreSQL roles from LDAP searches.
  • Creates static roles from YAML to complete LDAP entries.
  • Manages role parents (alias groups).
  • Grants or revokes privileges statically or from LDAP entries.
  • Dry run, check mode.
  • Logs LDAP searches as ldapsearch(1) commands.
  • Logs every SQL statements.
Screenshot of ldap2pg running.


Download package or binary from Releases page.

ldap2pg is licensed under PostgreSQL license.


The documentation includes a cookbook with many recipes for common deployment pattern. If you hit a bug or didn't found what you need in documentation, drop an issue on GitHub project.


ldap2pg is maintained by the following Dalibo Labs team members, with the contribution of many from the open source community: