turbot / steampipe-plugin-ldap Goto Github PK

View Code? Open in Web Editor NEW

9.0 11.0 1.0 272 KB

Use SQL to instantly query users, groups, OUs and more from LDAP. Open source CLI. No DB required.

Home Page: https://hub.steampipe.io/plugins/turbot/ldap

License: Apache License 2.0

Makefile 0.29% PLSQL 3.40% Go 96.31%

sql postgresql steampipe steampipe-plugin postgresql-fdw ldap active-directory hacktoberfest backup etl

steampipe-plugin-ldap's Introduction

LDAP Plugin for Steampipe

Use SQL to query infrastructure including users, groups, organizational units and more from LDAP.

Get started →
Documentation: Table definitions & examples
Community: Join #steampipe on Slack →
Get involved: Issues

Quick start

Install the plugin with Steampipe:

steampipe plugin install ldap

Run a query:

select dn, mail, department from ldap_user

Engines

This plugin is available for the following engines:

Engine	Description
Steampipe	The Steampipe CLI exposes APIs and services as a high-performance relational database, giving you the ability to write SQL-based queries to explore dynamic data. Mods extend Steampipe's capabilities with dashboards, reports, and controls built with simple HCL. The Steampipe CLI is a turnkey solution that includes its own Postgres database, plugin management, and mod support.
Postgres FDW	Steampipe Postgres FDWs are native Postgres Foreign Data Wrappers that translate APIs to foreign tables. Unlike Steampipe CLI, which ships with its own Postgres server instance, the Steampipe Postgres FDWs can be installed in any supported Postgres database version.
SQLite Extension	Steampipe SQLite Extensions provide SQLite virtual tables that translate your queries into API calls, transparently fetching information from your API or service as you request it.
Export	Steampipe Plugin Exporters provide a flexible mechanism for exporting information from cloud services and APIs. Each exporter is a stand-alone binary that allows you to extract data using Steampipe plugins without a database.
Turbot Pipes	Turbot Pipes is the only intelligence, automation & security platform built specifically for DevOps. Pipes provide hosted Steampipe database instances, shared dashboards, snapshots, and more.

Developing

Prerequisites:

Clone:

git clone https://github.com/turbot/steampipe-plugin-ldap.git
cd steampipe-plugin-ldap

Build, which automatically installs the new version to your ~/.steampipe/plugins directory:

make

Configure the plugin:

cp config/* ~/.steampipe/config
vi ~/.steampipe/config/ldap.spc

Try it!

steampipe query
> .inspect ldap

Open Source & Contributing

This repository is published under the Apache 2.0 (source code) and CC BY-NC-ND (docs) licenses. Please see our code of conduct. We look forward to collaborating with you!

Steampipe is a product produced from this open source software, exclusively by Turbot HQ, Inc. It is distributed under our commercial terms. Others are allowed to make their own distribution of the software, but cannot use any of the Turbot trademarks, cloud services, etc. You can learn more in our Open Source FAQ.

Get Involved

Join #steampipe on Slack →

Want to help but don't know where to start? Pick up one of the help wanted issues:

steampipe-plugin-ldap's People

Contributors

Stargazers

Watchers

Forkers

harlequin

steampipe-plugin-ldap's Issues

Error: unsupported Unicode escape sequence (SQLSTATE 22P05)" when querying Active directory

Hello I get the error: "Error: unsupported Unicode escape sequence (SQLSTATE 22P05)" when querying Active directory
How can I solve it?

select a.mail 
from ldap_user a 
where dn in (
  select 
    jsonb_array_elements_text(attributes -> 'manager')
  from adgroup.ldap_user where sam_account_name='matteo');

The single queries work fine

select  jsonb_array_elements_text(attributes -> 'manager')
from
  adgroup.ldap_user where sam_account_name='matteo';

+------------------------------------------------------------------------------------------------------------------+
| jsonb_array_elements_text                                                                                        |
+------------------------------------------------------------------------------------------------------------------+
| CN=Pippo,DC=redaelli,DC=com |
+------------------------------------------------------------------------------------------------------------------+

 select a.mail 
from ldap_user a where dn  in ('CN=..');

+---------------------------+
| mail                      |
+---------------------------+
| [email protected] |
+---------------------------+

ldap plugin can not list all the operational attributes in the results

**for example, without the '+' i can not see the operational attributes
ldapsearch -b 'ou=users,dc=example,dc=net' 'user=me' but with '+' i can
ldapsearch -b 'ou=users,dc=example,dc=net' 'user=me' '+'

So I tried '["memberof"]' and '["+"]' didn't work.

Add ability to connect using TLS and certificate

Add table ldap_computer

Many Ldap servers ( active directory) contains "computer" objects: for instance all windows workstations and servers that are joined to the Windows Domain.

It would be nice to have a table ldap_computer (filtered with "(objectclass=computer)" ?)

Sample fields

dn: CN=7WK011,OU=DESKTOPS,DC=example,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectClass: computer
cn: 7WK011
distinguishedName: CN=7WK011,OU=DESKTOPS,DC=example,DC=com
name: 7WK011
operatingSystem: Windows 7 Enterprise
operatingSystemVersion: 6.1 (7601)
operatingSystemServicePack: Service Pack 1
dNSHostName: 7WK011.example.com

function getOrganizationUnit crash if DN does not contains OU and no results will returned

Describe the bug
getOrganizationUnit crash if DN does not contains OU

func getOrganizationUnit(dn string) string {
	return dn[strings.Index(strings.ToUpper(dn), "OU"):]  // Here the function will crash in case OU not exists
}

Proposal is to change to logic like

func getOrganizationUnit(dn string) string {
	index := strings.Index(strings.ToUpper(dn), "OU")
	if index > -1 {
		return dn[index:]
	} else {
		return ""
	}
}