Paris, 2 September 2019
ldap2pg is a tool for roles and privileges synchronization from a LDAP compatible directory. Configuration is simple yet powerful, from a YAML file. ldap2pg eases integration and security of PostgresSQL in your infrastructure.
After vacation, ldap2pg is available in version 5.0. The project features a major functionality: client-side LDAP join, aka LDAP sub-queries. Joins are handful especially with Active Directory schema.
Since 4.0, ldap2pg shipped up to 18 releases, including:
- support for Postgres 9.3 and 9.4;
- simplification for LDAP queries configuration;
- finer configuration of role scope to confine ldap2pg playground;
- comment on roles;
- reduced execution time and memory consumption;
- safer loading of YAML configurion;
- better compatibility with Active Directory, by disabling
- better compatibility with RDS by running without super privileges and excluding RDS predefined roles;
- an official Docker image:
The new feature of 5.0 is the ability to configure client-side LDAP queries, a major contribution from Harold le CLÉMENT de SAINT-MARCQ.
More fixes and updates are detailed, release after release in changelog
Client-side LDAP Join
Client side LDAP join allows to reduce complexity in some schema, often
encoutered with Active Directory. When user authentify with it’s
ldap2pg can’t get user id from LDAP ref (aka Distinguished
Name). The query on LDAP group must be followed by a new sub-query on each ref.
Client side LDAP join impacts performances of synchronisation. If you have a lot
of roles to synchronize, prefer
memberOf or review you LDAP schemas to reduce
The Docker Image is an initial contribution from Thomas WOLF. This image eases deployment on CoreOS or Kubernetes. Image building is automated and images are tagged. Image is available a few minutes after sources are released.
ldap2pg is also available as RPM package on yum.postgresql.org. PDGD’s RPM team update package up to a few days after source release.
__ For more about documentation, recipes and communautary support, uses: __
- Online documentation: http://ldap2pg.rtfd.io/en/latest/
- GitHub project page: https://github.com/dalibo/ldap2pg
Étienne Bersac is the maintainer of ldap2pg, a Dalibo Labs project. For technical questions, please report a GitHub issue on ldap2pg.