ldap-scim-bridge: See README for synopsis

This is a package candidate release! Here you can preview how this package release will appear once published to the main package index (which can be accomplished via the 'maintain' link below). Please note that once a package has been published to the main package index it cannot be undone! Please consult the package uploading documentation for more information.

[maintain] [Publish]

See README for description


[Skip to Readme]

Properties

Versions 0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.7, 0.7, 0.8, 0.9
Change log CHANGELOG.md
Dependencies aeson (>=1.4.7.1 && <1.5), aeson-pretty (>=0.8.8 && <0.9), base (>=4.13 && <4.15), bytestring (>=0.10.12 && <0.11), containers (>=0.6.2.1 && <0.7), email-validate (>=2.3.2.13 && <2.4), hscim (>=0.3.6 && <0.4), http-client (>=0.7.8 && <0.8), http-client-tls (>=0.3.5 && <0.4), http-types (>=0.12.3 && <0.13), ldap-client (>=0.4.1 && <0.5), ldap-scim-bridge, network (>=3.1.1.1 && <3.2), relude, servant (>=0.18.3 && <0.19), servant-client (>=0.18.3 && <0.19), servant-client-core (>=0.18.3 && <0.19), string-conversions (>=0.4.0.1 && <0.5), text (>=1.2.4.1 && <1.3), tinylog (>=0.15 && <0.16), unordered-containers (>=0.2.14.0 && <0.3), yaml (>=0.11.5.0 && <0.12) [details]
License AGPL-3.0-or-later
Copyright (c) 2021 wire.com
Author Matthias Fischmann
Maintainer Matthias Fischmann <mf@zerobuzz.net>
Category System
Home page https://github.com/wireapp/ldap-scim-bridge
Bug tracker https://github.com/wireapp/ldap-scim-bridge/issues
Source repo head: git clone https://github.com/fisx/ldap-scim-bridge.git
Uploaded by MatthiasFischmann at 2022-06-16T13:51:48Z

Modules

[Index] [Quick Jump]

Downloads

Maintainer's Corner

Package maintainers

For package maintainers and hackage trustees


Readme for ldap-scim-bridge-0.7

[back to package description]

ldap-scim-bridge

GitHub CI Hackage Stackage Lts Stackage Nightly AGPL-3.0-only license

intro

This is a small command line tool to pull data from an LDAP server and push it to a SCIM peer. It is currently used in production togethre with wire-server, but is designed as a more general tool.

It supports fields externalId, userName, displayName, emails, in the User schema. It may not support any other fields, and it does not support scim Groups.

If you extend this to other fields, groups, or other use cases and setups, we would highly appreciate pull requests, tickets, or emails (no matter how half-baked).

There is a yaml config file that describes both how to reach the LDAP server (including the desired directory object(s)) and the SCIM peer, how to map attributes between the two worlds, and anything else that's needed like log level.

Every communication is logged to stdout. When called without arguments, the tool will print out usage info:

*** Exception: bad number of arguments: []

usage: ldap-scim-bridge <config.yaml>
see https://github.com/wireapp/ldap-scim-bridge for a sample config.

See ldif for a few sample user records to play with. A working example can be found in ./examples/wire-server.

use via docker

If you have gotten here as a wire-server administrator and want to use this to populate your teams, you can use the docker image we're building from this repo:

docker pull quay.io/wire/ldap-scim-bridge:0.5

You need to create a config file that contains your setup. If in doubt, you can start with this example, or this one. Name the file config.yaml and place it into /config-path. Let's say you want to work on release 0.5. (You can check if there is a :latest, but at the time of writing this paragraph, we still have to add that.)

docker run -it --network=host \
  --mount type=bind,src=/config-path,target=/mnt \
  quay.io/wire/ldap-scim-bridge:0.5 \
  ldap-scim-bridge /mnt/config.yaml

This should work fine for Windows if you make sure the file path under src points to the right place. You may need to you \ instead of /.

The connection to wire is not encrypted. This tool is made for running inside the trusted network the backend is running in. If you need to protect this connection you can use an off-the-shelf tls tunnel or vpn solution.

The connection to the LDAP source is TLS-encrypted. If you need to add trusted certificates to the store in /etc/ssl/certs/, you can just mount it:

docker run -it --network=host \
  --mount type=bind,src=/config-path,target=/mnt \
  --mount type=bind,src=/etc/ssl/certs,target=/etc/ssl/certs \
  quay.io/wire/ldap-scim-bridge:0.5 \
  ldap-scim-bridge /mnt/config.yaml

future work

See https://github.com/wireapp/ldap-scim-bridge/issues

further reading