Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

pg-ldap-sync

Package Overview
Dependencies
Maintainers
1
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

pg-ldap-sync

  • 0.5.0
  • Rubygems
  • Socket score

Version published
Maintainers
1
Created
Source

Build Status Build status

Use LDAP permissions in PostgreSQL

DESCRIPTION:

LDAP is often used for a centralized user and role management in an enterprise environment. PostgreSQL offers different authentication methods, like LDAP, SSPI, GSSAPI or SSL. However, for any method the user must already exist in the database, before the authentication can be used. There is currently no direct authorization of database users on LDAP. So roles and memberships has to be administered twice.

This program helps to solve the issue by synchronizing users, groups and their memberships from LDAP to PostgreSQL. Access to LDAP is used read-only. pg_ldap_sync issues proper CREATE ROLE, DROP ROLE, GRANT and REVOKE commands to synchronize users and groups.

It is meant to be started as a cron job.

FEATURES:

  • User+group creation, deletion and changes in memberships are synchronized from LDAP to PostgreSQL
  • Nested groups/roles supported
  • Configurable per YAML config file
  • Can use Active Directory as LDAP-Server
  • Set scope of considered users/groups on LDAP and PG side
  • Test mode which doesn't do any changes to the DBMS
  • Both LDAP and PG connections can be secured by SSL/TLS
  • NTLM and Kerberos authentication to LDAP server

REQUIREMENTS:

  • Ruby-2.0+
  • LDAP-v3 server
  • PostgreSQL-server v9.0+

INSTALL:

Install Ruby:

Install pg-ldap-sync and required dependencies:

  gem install pg-ldap-sync

Install from Git:

  git clone https://github.com/larskanis/pg-ldap-sync.git
  cd pg-ldap-sync
  gem install bundler
  bundle install
  bundle exec rake install

USAGE:

Create a config file based on config/sample-config.yaml or even better config/sample-config2.yaml

Run in test-mode:

  pg_ldap_sync -c my_config.yaml -vv -t

Run in modify-mode:

  pg_ldap_sync -c my_config.yaml -vv

It is recommended to avoid granting permissions to synchronized users on the PostgreSQL server, but to grant permissions to groups instead. This is because DROP USER statements invoked when a user leaves otherwise fail due to depending objects. DROP GROUP equally fails if there are depending objects, but groups are typically more stable and removed rarely.

TEST:

There is a small test suite in the test directory that runs against an internal LDAP server and a PostgreSQL server. Ensure pg_ctl, initdb and psql commands are in the PATH like so:

  cd pg-ldap-sync
  bundle install
  PATH=$PATH:/usr/lib/postgresql/10/bin/ bundle exec rake test

ISSUES:

  • There is currently no way to set certain user attributes in PG based on individual attributes in LDAP (expiration date etc.)

License

The gem is available as open source under the terms of the MIT License.

FAQs

Package last updated on 24 Aug 2023

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc