This repository is heavily under development.
ldap-pg is a LDAP server implementation which uses PostgreSQL as the backend database.
- Basic LDAP operations
- Bind
- PLAIN
- SSHA
- SSHA256
- SSHA512
- Pass-through authentication (Support
{SASL}foo@domain)
- Search
- base
- one
- sub
- children
- Add
- Modify
- Delete
- ModifyDN
- Rename RDN
- Support deleteoldrdn
- Support newsuperior
- Compare
- Extended
- Bind
- LDAP Controls
- Simple Paged Results Control
- Support member/memberOf association (like OpenLDAP memberOf overlay)
- Return memberOf attribute as operational attribute
- Maintain member/memberOf
- Search filter using memberOf
- Schema
- Basic schema processing
- More schema processing
- User defined schema
- Multiple RDNs
- Network
- SSL/StartTLS
- Prometheus metrics
- Auto create table for PostgreSQL
- Auto migrate table for PostgreSQL
PostgreSQL 12 or later.
Please download it from release page.
ldap-pg is written by Golang. Install Golang then build ldap-pg:
make
You can find the binary in ./bin/ directory.
ldap-pg.
Usage:
ldap-pg [options]
Options:
-b string
Bind address (default "127.0.0.1:8389")
-d string
DB Name
-db-max-idle-conns int
DB max idle connections (default 2)
-db-max-open-conns int
DB max open connections (default 5)
-gomaxprocs int
GOMAXPROCS (Use CPU num with default)
-h string
DB Hostname (default "localhost")
-log-level string
Log level, on of: debug, info, warn, error, alert (default "info")
-migration
Enable migration mode which means LDAP server accepts add/modify operational attributes (Default: false)
-p int
DB Port (default 5432)
-pass-through-ldap-bind-dn string
Pass-through/LDAP: Bind DN
-pass-through-ldap-domain string
Pass-through/LDAP: Domain for pass-through/LDAP
-pass-through-ldap-filter string
Pass-through/LDAP: Filter for finding an user (ex. (cn=%u))
-pass-through-ldap-password string
Pass-through/LDAP: Bind password
-pass-through-ldap-scope string
Pass-through/LDAP: Search scope, on of: base, one, sub (Default: sub) (default "sub")
-pass-through-ldap-search-base string
Pass-through/LDAP: Search base
-pass-through-ldap-server string
Pass-through/LDAP: Server address and port (ex. myldap:389)
-pass-through-ldap-timeout int
Pass-through/LDAP: Timeout seconds (Default: 10) (default 10)
-pprof string
Bind address of pprof server (Don't start the server with default)
-root-dn string
Root dn for the LDAP
-root-pw string
Root password for the LDAP
-s string
DB Schema
-schema value
Additional/overwriting custom schema
-suffix string
Suffix for the LDAP
-u string
DB User
-w string
DB Password
ldap-pg -h localhost -u testuser -w testpass -d testdb -s public \
-suffix dc=example,dc=com -root-dn cn=Manager,dc=example,dc=com -root-pw secret \
-log-level info
[ info ] 2019/10/03 15:13:37 main.go:169: Setup GOMAXPROCS with NumCPU: 8
[ info ] 2019/10/03 15:13:37 main.go:234: Starting ldap-pg on 127.0.0.1:8389
ldap-pg creates required tables and indexes into PostgreSQL if not exists.
You can import your LDIF file by using standard LDAP tools like ldapadd command.
$ cat << EOS > base.ldif
dn: dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: com
dc: com
dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: Example Inc.
dc: example
dn: ou=Users,dc=example,dc=com
objectClass: organizationalUnit
ou: Users
dn: ou=Groups,dc=example,dc=com
objectClass: organizationalUnit
ou: Group
EOS
$ ldapadd -H ldap://localhost:8389 -x -D cn=manager,dc=example,dc=com -w secret -f base.ldif
adding new entry "dc=com"
adding new entry "dc=example,dc=com"
adding new entry "ou=Users,dc=example,dc=com"
adding new entry "ou=Groups,dc=example,dc=com"
Licensed under the GPL license.