The best way to synchronize PostgreSQL roles with Active Directory users and groups.
padnag will query the Active Directory and seamlessly create or drop the PostgreSQL roles.
It is easy to install, flexible and safe to use, practical, simple to configure and well integrated.
Create the database role hierarchy you need, even when the AD is differently organised.
Straight one-to-one mapping from AD to DB or link multiple OUs, groups and roles. Database group roles can be associated with one or several Active Directory groups - and vice versa - an Active Directory group can be tied to one or several database roles.
Fully tested against PostgreSQL versions:
padnag safely handles removing users from a group by transferring any objects owned back to the group role.
padnag has --test mode to safely preview it's intended actions. This will not make any changes on the database.
padnag has --verbose mode and logging levels keep you informed.
Do you need to remove leading # signs or trailing suffixes from the user names? Active Directory attributes can be tweaked with powerful regular expressions.
padnag is easy to install, it comes ready packaged for Centos7 and Ubuntu 1604 LTS distributions. padnag is a stand alone executable with no dependencies other than the normal libc system library.
Install, provide the PostgreSQL and Active Directory parameters and you're good to go. The config file is TOML text file ( similar to .INI ) and can be edited with your favourite text editor.
Choose to use the provided Systemd service unit or run from the command line or from cron.
padnag does one thing well.