Paris, February 7, 2025
Dalibo announces the availability of ldap2pg 6.3. This new version brings support for ARM architectures and reintroduces the configuration of custom ACL (Access Control List). Follow the documentation to install this new version.
Since 2017, ldap2pg offers the best solution for automatic synchronization of roles and privileges for PostgreSQL.
Configure LDAP authentication in the pg_hba.conf file
then use ldap2pg to create and configure roles from your enterprise directory.
Privilege Configuration
ldap2pg 6.0 contained a functional regression regarding ACL management. ldap2pg 6.3 reintroduces the management of custom ACLs in a slightly different, more performant approach.
The principle remains the same, define queries to list and handle privileges. ldap2pg then inspects the PostgreSQL cluster to compare current privileges with the desired ones. This advanced feature is useful for complex environments to push the limits of ldap2pg.
LDAP
Like OpenLDAP tools, ldap2pg 6.3 accepts the -y parameter to load the LDAP password from a file.
Since its inception, ldap2pg has observed the 12-factor recommendations,
so the environment variable LDAPPASSWORD_FILE also configures this feature.
Another specific situation,
when accessing an LDAP attribute referenced as {member.uid},
ldap2pg avoids making a sub-search for each attribute value
by directly searching for the uid attribute in the Distinguished Name.
This optimization is now configurable via known_rdns to extend it to other attributes
or to disable it.
Other Changes
Documentation has now a more standard structure. ldap2pg now provides a binary for ARMv8 architectures. Several marginal failure situations have been corrected for a better experience. ldap2pg accepts new plural configuration forms to reduce repetitions in the YAML file. See more in the change log documentation.
Find the English documentation, procedures, and community support at these addresses:
- Online documentation: http://ldap2pg.rtfd.io/en/latest/
- The project on GitHub: https://github.com/dalibo/ldap2pg
Étienne BERSAC and Pierre-Louis GONON develop ldap2pg, a project of Dalibo Labs. For any technical questions, the team recommends using the ldap2pg page on GitHub.
