Paris, 2 September 2019

ldap2pg is a tool for synchronizing roles and privileges from an LDAP-compatible directory. Configuration is simple yet powerful, from a YAML file. ldap2pg eases integration and security of PostgreSQL in your infrastructure.

After vacation, ldap2pg is available in version 5.0. The project features a major functionality: client-side LDAP join, aka LDAP sub-queries. Joins are handy, especially with the Active Directory schema.

ldap2pg

Since 4.0, ldap2pg shipped up to 18 releases, including:

  • support for Postgres 9.3 and 9.4;
  • simplification for LDAP queries configuration;
  • finer configuration of role scope to confine ldap2pg playground;
  • comment on roles;
  • reduced execution time and memory consumption;
  • safer loading of YAML configuration;
  • better compatibility with Active Directory, by disabling REFERRALS by default;
  • better compatibility with RDS by running without super privileges and excluding RDS predefined roles;
  • an official Docker image: dalibo/ldap2pg.

The new feature of 5.0 is the ability to configure client-side LDAP queries, a major contribution from Harold le CLÉMENT de SAINT-MARCQ.

More fixes and updates are detailed, release by release, in the changelog.

Client-side LDAP Join

Client-side LDAP join reduces complexity with some schemas, often encountered with Active Directory. When users authenticate with their sAMAccountName, ldap2pg can't get the user id from the LDAP reference (aka Distinguished Name). The query on the LDAP group must be followed by a new sub-query on each reference.

Client-side LDAP join impacts synchronization performance. If you have a lot of roles to synchronize, prefer memberOf or review your LDAP schemas to reduce queries.
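
The lookup sequence and its query cost, as an added Python example that is not ldap2pg's own code: an in-memory directory counts round trips for the client-side join versus a single memberOf query. The entries, the `CountingDirectory` class and the `roles_by_join` and `roles_by_memberof` functions are constructed for illustration.

```python
# Constructed sample directory; every DN and account name is made up.
GROUP = "cn=dba,ou=groups,dc=example,dc=org"
PEOPLE = "ou=people,dc=example,dc=org"
ENTRIES = {
    GROUP: {"member": ["cn=Alice Martin," + PEOPLE, "cn=Bob Durand," + PEOPLE,
                       "cn=Gone User," + PEOPLE]},  # last DN is a dangling reference
    "cn=Alice Martin," + PEOPLE: {"sAMAccountName": ["amartin"], "memberOf": [GROUP]},
    "cn=Bob Durand," + PEOPLE: {"sAMAccountName": ["bdurand"], "memberOf": [GROUP]},
    "cn=Carol Petit," + PEOPLE: {"sAMAccountName": ["cpetit"], "memberOf": []},
}


class CountingDirectory:
    """In-memory stand-in for an LDAP server that counts search round trips."""

    def __init__(self, entries):
        self.entries = entries
        self.queries = 0

    def search(self, base, scope="base", match=lambda entry: True):
        self.queries += 1
        if scope == "base":
            candidates = [base] if base in self.entries else []
        else:  # "sub": the base entry and everything below it
            candidates = [dn for dn in self.entries if dn == base or dn.endswith("," + base)]
        return [(dn, self.entries[dn]) for dn in candidates if match(self.entries[dn])]


def roles_by_join(directory, group_dn):
    """Group query, then one sub-query per member DN to read sAMAccountName."""
    names = []
    for _, group in directory.search(group_dn):
        for member_dn in group.get("member", []):
            # A dangling DN returns no entry and therefore yields no role.
            for _, user in directory.search(member_dn):
                names.extend(user.get("sAMAccountName", []))
    return sorted(names)


def roles_by_memberof(directory, people_base, group_dn):
    """Single subtree query filtered on the users' memberOf attribute."""
    hits = directory.search(people_base, "sub", lambda e: group_dn in e.get("memberOf", []))
    return sorted(name for _, user in hits for name in user.get("sAMAccountName", []))


if __name__ == "__main__":
    for label, run in (("join", lambda d: roles_by_join(d, GROUP)),
                       ("memberOf", lambda d: roles_by_memberof(d, PEOPLE, GROUP))):
        directory = CountingDirectory(ENTRIES)
        print(label, run(directory), "queries:", directory.queries)
```

Both strategies yield the same role names; the join costs one query for the group plus one per member DN, which is why large groups slow synchronization.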

Docker Image

The Docker Image is an initial contribution from Thomas WOLF. This image eases deployment on CoreOS or Kubernetes. Image building is automated and images are tagged. Image is available a few minutes after sources are released.

ldap2pg is also available as an RPM package on yum.postgresql.org. PGDG's RPM team updates the package up to a few days after the source release.

For documentation, recipes and community support, use:

  • Online documentation: http://ldap2pg.rtfd.io/en/latest/
  • GitHub project page: https://github.com/dalibo/ldap2pg

Étienne Bersac is the maintainer of ldap2pg, a Dalibo Labs project. For technical questions, please report a GitHub issue on ldap2pg.


DALIBO

DALIBO is the French PostgreSQL® specialist. We have offered support, training and consulting since 2005.