Sign inTry Free

Synchronizing LDAP Users and Groups

The sdb-admin sync-ldap tool (or simply the "LDAP tool") imports users and groups from Lightweight Directory Access Protocol (LDAP) implementations, such as Active Directory into SingleStore. It also helps automatically synchronize the LDAP-implemented directory users and groups with SingleStore and thereby manage users in a central location.

The LDAP tool provides a one-way user and group synchronization from any LDAP directory to SingleStore. The LDAP server does not need to be modified in any way. It also manages LDAP user-group relationships in SingleStore. However, it does not create or manage SingleStore roles and privileges, which are internally managed in SingleStore.

Note

The LDAP tool uses LDAP protocol version 3. It can be used with LDAP implementations with or without Single Sign-On (SSO) support.

In this section

Last modified: June 22, 2022

Was this article helpful?

Was this article helpful?

Verification instructions

Note: You must install cosign to verify the authenticity of the SingleStore file.

Use the following steps to verify the authenticity of singlestoredb-server, singlestoredb-toolbox, singlestoredb-studio, and singlestore-client SingleStore files that have been downloaded.

You may perform the following steps on any computer that can run cosign, such as the main deployment host of the cluster.

  1. (Optional) Run the following command to view the associated signature files.

    curl undefined

  2. Download the signature file from the SingleStore release server.

    • Option 1: Click the Download Signature button next to the SingleStore file.

    • Option 2: Copy and paste the following URL into the address bar of your browser and save the signature file.

    • Option 3: Run the following command to download the signature file.

      curl -O undefined

  3. After the signature file has been downloaded, run the following command to verify the authenticity of the SingleStore file.

    echo -n undefined |
        cosign verify-blob --certificate-oidc-issuer https://oidc.eks.us-east-1.amazonaws.com/id/CCDCDBA1379A5596AB5B2E46DCA385BC \
          --certificate-identity https://kubernetes.io/namespaces/freya-production/serviceaccounts/job-worker \
          --bundle undefined \
          --new-bundle-format -
    Verified OK