ldap-scim-bridge: See README for synopsis

[ agpl, library, program, system ] [ Propose Tags ]

See README for description

[Skip to Readme]


[Last Documentation]

  • LdapScimBridge


Maintainer's Corner

Package maintainers

For package maintainers and hackage trustees


Versions [RSS] 0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.7, 0.8, 0.9
Change log CHANGELOG.md
Dependencies aeson (>=2.1.2 && <2.2), aeson-pretty (>=0.8.10 && <0.9), base (>=4.17.2 && <4.18), bytestring (>=0.11.5 && <0.12), containers (>=0.6.7 && <0.7), email-validate (>=2.3.2 && <2.4), hscim (>= && <0.5), http-client (>=0.7.16 && <0.8), http-client-tls (>=0.3.6 && <0.4), http-types (>=0.12.4 && <0.13), ldap-client (>=0.4.2 && <0.5), ldap-scim-bridge, network (>=3.1.4 && <3.2), relude (>=1.2.1 && <1.3), servant (>=0.19.1 && <0.20), servant-client (>=0.19 && <0.20), servant-client-core (>=0.19 && <0.20), string-conversions (>=0.4.0 && <0.5), text (>=2.0.2 && <2.1), tinylog (>=0.15.0 && <0.16), unordered-containers (>=0.2.20 && <0.3), yaml (>=0.11.11 && <0.12) [details]
License AGPL-3.0-or-later
Copyright (c) 2021 wire.com
Author Matthias Fischmann
Maintainer Matthias Fischmann <mf@zerobuzz.net>
Category System
Home page https://github.com/wireapp/ldap-scim-bridge
Bug tracker https://github.com/wireapp/ldap-scim-bridge/issues
Source repo head: git clone https://github.com/wireapp/ldap-scim-bridge.git
Uploaded by MatthiasFischmann at 2024-03-14T16:33:50Z
Executables ldap-scim-bridge
Downloads 886 total (27 in the last 30 days)
Rating (no votes yet) [estimated by Bayesian average]
Your Rating
  • λ
  • λ
  • λ
Status Docs not available [build log]
All reported builds failed as of 2024-03-14 [all 2 reports]

Readme for ldap-scim-bridge-0.9

[back to package description]


GitHub CI Hackage Stackage Lts Stackage Nightly AGPL-3.0-only license


This is a small command line tool to pull data from an LDAP server and push it to a SCIM peer. It is currently used in production togethre with wire-server, but is designed as a more general tool.

It supports fields externalId, userName, displayName, emails, in the User schema. It may not support any other fields, and it does not support scim Groups.

If you extend this to other fields, groups, or other use cases and setups, we would highly appreciate pull requests, tickets, or emails (no matter how half-baked).

There is a yaml config file that describes both how to reach the LDAP server (including the desired directory object(s)) and the SCIM peer, how to map attributes between the two worlds, and anything else that's needed like log level.

Every communication is logged to stdout. When called without arguments, the tool will print out usage info:

*** Exception: bad number of arguments: []

usage: ldap-scim-bridge <config.yaml>
see https://github.com/wireapp/ldap-scim-bridge for a sample config.

See ldif for a few sample user records to play with. A working example can be found in ./examples/wire-server.

use via docker

If you have gotten here as a wire-server administrator and want to use this to populate your teams, you can use the docker image we're building from this repo (append version with : if you want to pin it):

docker pull quay.io/wire/ldap-scim-bridge

You need to create a config file that contains your setup. If in doubt, you can start with this example, or this one. Name the file config.yaml and place it into /config-path. Let's say you want to work on release 0.5. (You can check if there is a :latest, but at the time of writing this paragraph, we still have to add that.)

docker run -it --network=host \
  --mount type=bind,src=/config-path,target=/mnt \
  quay.io/wire/ldap-scim-bridge \
  ldap-scim-bridge /mnt/config.yaml

This should work fine for Windows if you make sure the file path under src points to the right place. You may need to you \ instead of /.

The connection to wire is not encrypted. This tool is made for running inside the trusted network the backend is running in. If you need to protect this connection you can use an off-the-shelf tls tunnel or vpn solution.

The connection to the LDAP source is TLS-encrypted. If you need to add trusted certificates to the store in /etc/ssl/certs/, you can just mount it:

docker run -it --network=host \
  --mount type=bind,src=/config-path,target=/mnt \
  --mount type=bind,src=/etc/ssl/certs,target=/etc/ssl/certs \
  quay.io/wire/ldap-scim-bridge \
  ldap-scim-bridge /mnt/config.yaml

future work

See https://github.com/wireapp/ldap-scim-bridge/issues

further reading