turbot/ldap

GitHub
steampipe plugin install ldapsteampipe plugin install ldap

LDAP + Steampipe

LDAP is a mature, flexible, and well supported standards-based mechanism for interacting with directory servers. It’s often used for authentication and storing information about users, groups, and applications, but an LDAP directory server is a fairly general-purpose data store and can be used in a wide variety of applications.

Steampipe is an open source CLI to instantly query cloud APIs using SQL.

For example:

select
dn,
created,
mail,
department
from
ldap_user;
+---------------------------------------------------------------+---------------------+---------------------------------+-------------+
| dn | created | mail | department |
+---------------------------------------------------------------+---------------------+---------------------------------+-------------+
| CN=Emine Braun,OU=Users,DC=example,DC=domain,DC=com | 2021-08-30 11:21:05 | Emine.Braun@example.com | IT |
| CN=Richardis Lamprecht,OU=Users,DC=example,DC=domain,DC=com | 2021-08-30 11:21:05 | Richardis.Lamprecht@example.com | Engineering |
| CN=Michl Gehring,OU=Users,DC=example,DC=domain,DC=com | 2021-08-30 11:21:05 | Michl.Gehring@example.com | Sales |
| CN=Ottobert Giesen,OU=Users,DC=example,DC=domain,DC=com | 2021-08-30 11:21:05 | Ottobert.Giesen@example.com | Marketing |
| CN=Mirjam Merker,OU=Users,DC=example,DC=domain,DC=com | 2021-08-30 11:21:05 | Mirjam.Merker@example.com | Engineering |
+---------------------------------------------------------------+---------------------+---------------------------------+-------------+

Documentation

Get started

Install

Download and install the latest LDAP plugin:

steampipe plugin install ldap

Configuration

Installing the latest ldap plugin will create a config file (~/.steampipe/config/ldap.spc) with a single connection named ldap:

connection "ldap" {
plugin = "ldap"
# Distinguished name of the user which will be used to bind to the server
# username = "CN=Admin,OU=Users,DC=domain,DC=example,DC=com"
# The password for the user defined above
# password = "55j%@8RnFakePassword"
# Host to connect to, e.g. ad.example.com, ldap.example.com
# host = "domain.example.com"
# Port on which the directory server is listening, e.g., 389, 636
# port = "389"
# If true, enable TLS encryption
# tls_required = false
# Distinguished name of the base object on which queries will be executed
# base_dn = "DC=domain,DC=example,DC=com"
# Fixed set of attributes that will be requested for each LDAP query. This attribute list is shared across all tables.
# If nothing is specified, Steampipe will request all attributes
# attributes = ["cn", "displayName", "uid"]
# Optional user object filter to be used to filter objects. If not provided, defaults to "(&(objectCategory=person)(objectClass=user))"
# user_object_filter = "(&(objectCategory=person)(objectClass=user))"
# Optional group object filter to be used to filter objects. If not provided, defaults to "(objectClass=group)"
# group_object_filter = "(objectClass=group)"
# Optional organizational object filter to be used to filter objects. If not provided, defaults to "(objectClass=organizationalUnit)"
# ou_object_filter = "(objectClass=organizationalUnit)"
}

Get Involved