LDAP + Steampipe
LDAP is a mature, flexible, and well supported standards-based mechanism for interacting with directory servers. It’s often used for authentication and storing information about users, groups, and applications, but an LDAP directory server is a fairly general-purpose data store and can be used in a wide variety of applications.
Steampipe is an open source CLI to instantly query cloud APIs using SQL.
For example:
select dn, created, mail, department
from ldap_user;

+-------------------------------------------------------------+---------------------+---------------------------------+-------------+
| dn                                                          | created             | mail                            | department  |
+-------------------------------------------------------------+---------------------+---------------------------------+-------------+
| CN=Emine Braun,OU=Users,DC=example,DC=domain,DC=com         | 2021-08-30 11:21:05 | Emine.Braun@example.com         | IT          |
| CN=Richardis Lamprecht,OU=Users,DC=example,DC=domain,DC=com | 2021-08-30 11:21:05 | Richardis.Lamprecht@example.com | Engineering |
| CN=Michl Gehring,OU=Users,DC=example,DC=domain,DC=com       | 2021-08-30 11:21:05 | Michl.Gehring@example.com       | Sales       |
| CN=Ottobert Giesen,OU=Users,DC=example,DC=domain,DC=com     | 2021-08-30 11:21:05 | Ottobert.Giesen@example.com     | Marketing   |
| CN=Mirjam Merker,OU=Users,DC=example,DC=domain,DC=com       | 2021-08-30 11:21:05 | Mirjam.Merker@example.com       | Engineering |
+-------------------------------------------------------------+---------------------+---------------------------------+-------------+
Documentation
Get started
Install
Download and install the latest LDAP plugin:
steampipe plugin install ldap
Configuration
Installing the latest ldap plugin will create a config file (~/.steampipe/config/ldap.spc) with a single connection named ldap:
connection "ldap" {
  plugin = "ldap"

  # Distinguished name of the user which will be used to bind to the server
  # username = "CN=Admin,OU=Users,DC=domain,DC=example,DC=com"

  # The password for the user defined above
  # password = "55j%@8RnFakePassword"

  # Host to connect to, e.g. ad.example.com, ldap.example.com
  # host = "domain.example.com"

  # Port on which the directory server is listening, e.g., 389, 636
  # port = "389"

  # If true, enable TLS encryption
  # tls_required = false

  # Distinguished name of the base object on which queries will be executed
  # base_dn = "DC=domain,DC=example,DC=com"

  # Fixed set of attributes that will be requested for each LDAP query. This attribute list is shared across all tables.
  # If nothing is specified, Steampipe will request all attributes
  # attributes = ["cn", "displayName", "uid"]

  # Optional user object filter to be used to filter objects. If not provided, defaults to "(&(objectCategory=person)(objectClass=user))"
  # user_object_filter = "(&(objectCategory=person)(objectClass=user))"

  # Optional group object filter to be used to filter objects. If not provided, defaults to "(objectClass=group)"
  # group_object_filter = "(objectClass=group)"

  # Optional organizational object filter to be used to filter objects. If not provided, defaults to "(objectClass=organizationalUnit)"
  # ou_object_filter = "(objectClass=organizationalUnit)"
}
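A check that can be run over this config file, given as an added example that is not part of the plugin or its documentation: it flags a connection that binds without TLS and a file that stores the bind password while being accessible beyond its owner. The function names, the sample configs and the treatment of an unset tls_required as false are assumptions.

```python
import os
import re
import stat
import tempfile

# Active `key = value` lines only; commented (#) lines never match.
SETTING = re.compile(r'^\s*(\w+)\s*=\s*("[^"]*"|[^\s#]+)')

def parse_connection(text):
    """Return the uncommented settings of an ldap.spc connection block."""
    settings = {}
    for line in text.splitlines():
        m = SETTING.match(line)
        if m:
            settings[m.group(1)] = m.group(2).strip('"')
    return settings

def audit(path):
    """Return findings for the Steampipe LDAP config file at `path`."""
    with open(path, encoding="utf-8") as fh:
        cfg = parse_connection(fh.read())
    findings = []
    # Assumption: an unset tls_required behaves like the commented default (false).
    if cfg.get("tls_required", "false").lower() != "true":
        findings.append("tls_required is not true: bind credentials are sent unencrypted")
    if "password" in cfg and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        findings.append("config holds a plaintext password but is accessible to group or others")
    return findings

# Constructed samples: the page's default values uncommented, and a tightened variant.
WEAK = '''connection "ldap" {
  plugin       = "ldap"
  username     = "CN=Admin,OU=Users,DC=domain,DC=example,DC=com"
  password     = "55j%@8RnFakePassword"
  host         = "domain.example.com"
  port         = "389"
  tls_required = false
}
'''
HARDENED = WEAK.replace('"389"', '"636"').replace("= false", "= true")

def audit_text(text, mode):
    """Demo helper: write `text` to a temporary ldap.spc with `mode`, then audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "ldap.spc")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
        os.chmod(path, mode)
        return audit(path)
```

To check a real installation, call `audit(os.path.expanduser("~/.steampipe/config/ldap.spc"))` and review whatever it returns.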
Get Involved
- Open source: https://github.com/turbot/steampipe-plugin-ldap
- Community: Slack Channel