PostgreSQL roles and privilege management;

Swiss-army knife to synchronize Postgres roles and privileges from YAML or LDAP.

Postgres is able to check password against an entreprise directory using the LDAP protocol out of the box. ldap2pg automates the creation, update and removal of PostgreSQL roles and users based on entreprise organigram described in directory.

Managing roles is close to managing privileges as you expect roles to have proper default privileges. ldap2pg can grant and revoke privileges too.


  • Reads settings from an expressive YAML config file.
  • Creates, alters and drops PostgreSQL roles from LDAP queries.
  • Creates static roles from YAML to complete LDAP entries.
  • Manages role members (alias groups).
  • Grants or revokes privileges statically or from LDAP entries.
  • Dry run, check mode.
  • Logs LDAP queries as ldapsearch commands.
  • Logs every SQL query.
Screenshot of ldap2pg running.


The universal installation method is to download from PyPI using pip. Other methods and more details are described in documentation.

      $ pip install ldap2pg psycopg2-binary

ldap2pg is licensed under PostgreSQL license.


The documentation includes a cookbook with many recipes for common deployment pattern. If you hit a bug or didn't found what you need in documentation, drop an issue on GitHub project.


ldap2pg is maintained by the following Dalibo Labs team members, with the contribution of many from the open source community: