ldap-scim-bridge: See README for synopsis
Downloads
- ldap-scim-bridge-0.10.tar.gz [browse] (Cabal source package)
- Package description (as included in the package)
Maintainer's Corner
For package maintainers and hackage trustees
Candidates
| Versions [RSS] | 0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.7, 0.8, 0.9, 0.10 |
|---|---|
| Change log | CHANGELOG.md |
| Dependencies | aeson (>=2.1.2 && <2.2), aeson-pretty (>=0.8.10 && <0.9), base (>=4.17 && <4.21), bytestring (>=0.11.5 && <0.12), containers (>=0.6.7 && <0.7), email-validate (>=2.3.2 && <2.4), hscim (>=0.4.0.6 && <0.5), http-client (>=0.7.16 && <0.8), http-client-tls (>=0.3.6 && <0.4), http-types (>=0.12.4 && <0.13), ldap-client (>=0.4.2 && <0.5), ldap-scim-bridge, network (>=3.2.6 && <3.3), relude (>=1.2.1 && <1.3), servant (>=0.19 && <0.21), servant-client (>=0.19 && <0.21), servant-client-core (>=0.19 && <0.21), string-conversions (>=0.4.0 && <0.5), text (>=2.0.2 && <2.1), tinylog (>=0.15.0 && <0.16), unordered-containers (>=0.2.20 && <0.3), yaml (>=0.11.11 && <0.12) [details] |
| Tested with | ghc ==9.6.6 |
| License | AGPL-3.0-or-later |
| Copyright | (c) 2021 - 2024 wire.com |
| Author | wire.com |
| Maintainer | backend@wire.com |
| Category | System |
| Home page | https://github.com/wireapp/ldap-scim-bridge |
| Bug tracker | https://github.com/wireapp/ldap-scim-bridge/issues |
| Source repo | head: git clone https://github.com/wireapp/ldap-scim-bridge.git |
| Uploaded | by MatthiasFischmann at 2024-11-29T11:18:46Z |
| Distributions | |
| Executables | ldap-scim-bridge |
| Downloads | 1172 total (33 in the last 30 days) |
| Rating | (no votes yet) [estimated by Bayesian average] |
| Your Rating | |
| Status | Docs uploaded by user Build status unknown [no reports yet] |
Readme for ldap-scim-bridge-0.10
[back to package description]ldap-scim-bridge
intro
This is a small command line tool to pull data from an LDAP server and push it to a SCIM peer. It is currently used in production togethre with wire-server, but is designed as a more general tool.
It supports fields externalId, userName, displayName, emails,
in the User schema. It may not support any other fields, and it
does not support scim Groups.
If you extend this to other fields, groups, or other use cases and setups, we would highly appreciate pull requests, tickets, or emails (no matter how half-baked).
There is a yaml config file that describes both how to reach the LDAP server (including the desired directory object(s)) and the SCIM peer, how to map attributes between the two worlds, and anything else that's needed like log level.
Every communication is logged to stdout. When called without arguments, the tool will print out usage info:
*** Exception: bad number of arguments: []
usage: ldap-scim-bridge <config.yaml>
see https://github.com/wireapp/ldap-scim-bridge for a sample config.
See ldif for a few sample user records to play with.
A working example can be found in ./examples/wire-server.
use via docker
If you have gotten here as a
wire-server administrator
and want to use this to populate your teams, you can use the docker
image we're building from this repo (append version with : if you
want to pin it):
docker pull quay.io/wire/ldap-scim-bridge
You need to create a config file that contains your setup. If in doubt, you can start with this example, or this one. Name the file config.yaml and place it into /config-path. Let's say you want to work on release 0.5. (You can check if there is a :latest, but at the time of writing this paragraph, we still have to add that.)
docker run -it --network=host \
--mount type=bind,src=/config-path,target=/mnt \
quay.io/wire/ldap-scim-bridge \
ldap-scim-bridge /mnt/config.yaml
This should work fine for Windows if you make sure the file path under src points to the right place. You may need to you \ instead of /.
The connection to wire is not encrypted. This tool is made for running inside the trusted network the backend is running in. If you need to protect this connection you can use an off-the-shelf tls tunnel or vpn solution.
The connection to the LDAP source is TLS-encrypted. If you need to add trusted certificates to the store in /etc/ssl/certs/, you can just mount it:
docker run -it --network=host \
--mount type=bind,src=/config-path,target=/mnt \
--mount type=bind,src=/etc/ssl/certs,target=/etc/ssl/certs \
quay.io/wire/ldap-scim-bridge \
ldap-scim-bridge /mnt/config.yaml
developers
For running unit tests, try cabal test.
Integration tests is a bit more involved, since we need ldap and
wire-server running. See ./examples/wire-server/run.sh.
future work
See https://github.com/wireapp/ldap-scim-bridge/issues