LDAP + Steampipe

LDAP is a mature, flexible, and well supported standards-based mechanism for interacting with directory servers. It’s often used for authentication and storing information about users, groups, and applications, but an LDAP directory server is a fairly general-purpose data store and can be used in a wide variety of applications.

Steampipe is an open-source zero-ETL engine to instantly query cloud APIs using SQL.

For example:

select
  dn,
  created,
  mail,
  department
from
  ldap_user;

+---------------------------------------------------------------+---------------------+---------------------------------+-------------+
| dn                                                            | created             | mail                            | department  |
+---------------------------------------------------------------+---------------------+---------------------------------+-------------+
| CN=Emine Braun,OU=Users,DC=example,DC=domain,DC=com           | 2021-08-30 11:21:05 | Emine.Braun@example.com         | IT          |
| CN=Richardis Lamprecht,OU=Users,DC=example,DC=domain,DC=com   | 2021-08-30 11:21:05 | Richardis.Lamprecht@example.com | Engineering |
| CN=Michl Gehring,OU=Users,DC=example,DC=domain,DC=com         | 2021-08-30 11:21:05 | Michl.Gehring@example.com       | Sales       |
| CN=Ottobert Giesen,OU=Users,DC=example,DC=domain,DC=com       | 2021-08-30 11:21:05 | Ottobert.Giesen@example.com     | Marketing   |
| CN=Mirjam Merker,OU=Users,DC=example,DC=domain,DC=com         | 2021-08-30 11:21:05 | Mirjam.Merker@example.com       | Engineering |
+---------------------------------------------------------------+---------------------+---------------------------------+-------------+

Documentation

Table definitions & examples →

Get started

Install

Download and install the latest LDAP plugin:

steampipe plugin install ldap

Configuration

Installing the latest ldap plugin will create a config file (~/.steampipe/config/ldap.spc) with a single connection named ldap:

connection "ldap" {
  plugin = "ldap"

  # Distinguished name of the user which will be used to bind to the server
  # username = "CN=Admin,OU=Users,DC=domain,DC=example,DC=com"

  # The password for the user defined above
  # password = "55j%@8RnFakePassword"

  # Host to connect to, e.g. ad.example.com, ldap.example.com
  # host = "domain.example.com"

  # Port on which the directory server is listening, e.g., 389, 636
  # port = "389"

  # If true, enable TLS encryption
  # tls_required = false

  # Distinguished name of the base object on which queries will be executed
  # base_dn = "DC=domain,DC=example,DC=com"

  # Fixed set of attributes that will be requested for each LDAP query. This attribute list is shared across all tables.
  # If nothing is specified, Steampipe will request all attributes
  # attributes = ["cn", "displayName", "uid"]

  # Optional user object filter to be used to filter objects. If not provided, defaults to "(&(objectCategory=person)(objectClass=user))"
  # user_object_filter = "(&(objectCategory=person)(objectClass=user))"

  # Optional group object filter to be used to filter objects. If not provided, defaults to "(objectClass=group)"
  # group_object_filter = "(objectClass=group)"

  # Optional organizational object filter to be used to filter objects. If not provided, defaults to "(objectClass=organizationalUnit)"
  # ou_object_filter = "(objectClass=organizationalUnit)"
}

Get Involved

Open source: https://github.com/turbot/steampipe-plugin-ldap
Community: Join #steampipe on Slack →

Postgres FDW

This plugin is available as a native Postgres FDW. Unlike Steampipe CLI, which ships with an embedded Postgres server instance, the Postgres FDW can be installed in any supported Postgres database version.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_postgres_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/postgres.sh)" -- ldap

The installer will prompt you for the plugin name and version, download and install the appropriate files for your OS, system architecture, and Postgres version.

To configure the Postgres FDW, you will create an extension, foreign server, and schema and import the foreign schema.

CREATE EXTENSION IF NOT EXISTS steampipe_postgres_ldap;
CREATE SERVER steampipe_ldap FOREIGN DATA WRAPPER steampipe_postgres_ldap OPTIONS (config '<your_config>');
CREATE SCHEMA ldap;
IMPORT FOREIGN SCHEMA ldap FROM SERVER steampipe_ldap INTO ldap;

SQLite Extension

This plugin is available as a SQLite Extension, making the tables available as SQLite virtual tables.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_sqlite_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/sqlite.sh)" -- ldap

The installer will prompt you for the plugin name, version, and destination directory. It will then determine the OS and system architecture, and it will download and install the appropriate package.

To configure the SQLite extension, load the extension module and then run the steampipe_configure_ldap function to configure it with plugin-specific options.

$ sqlite3
sqlite> .load ./steampipe_sqlite_extension_ldap.so
sqlite> select steampipe_configure_ldap('<your_config>');

Export

This plugin is available as a standalone Export CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- ldap

You can pass the configuration to the command with the --config argument:

steampipe_export_ldap --config '<your_config>' <table_name>