Skip to content

trxo/ldap-mcp

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
cmd/server
cmd/server
 
 
internal
internal
 
 
scripts
scripts
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 

Repository files navigation

LDAP MCP Server

LDAP MCP Server exposes an LDAP directory through the Model Context Protocol (MCP), enabling MCP clients to run common directory searches and CRUD operations using the standard tool/resource workflow.

Features

  • Search, retrieve, add, modify, and delete LDAP entries through MCP tools.
  • Optional read-only mode that limits MCP clients to safe operations.
  • Support for StartTLS upgrades, LDAPS endpoints, and configurable TLS verification.
  • Built-in MCP resources for the directory root DSE and arbitrary entries by DN.
  • Graceful shutdown handling and automatic LDAP reconnection logic.

Requirements

  • Go 1.24 or newer
  • Access to an LDAP server (OpenLDAP, Active Directory, etc.)
  • MCP client capable of speaking the SSE transport (e.g., Claude Desktop)

Building and Testing

cd /opt/code/github/ldap-mcp
go test ./...

The repository currently ships without unit tests, so a successful run confirms the project compiles and all dependencies resolve.

Running the Server

cd /opt/code/github/ldap-mcp
go run ./cmd/server \
  -url ldap://localhost:389 \
  -bind-dn "cn=admin,dc=example,dc=com" \
  -bind-password secret

Key flags:

  • -addr: MCP listen address (default :8080, overridable via MCP_PORT).
  • -url: LDAP server URL such as ldap://host:389 or ldaps://host:636.
  • -bind-dn / -bind-password: Credentials for binding to the directory. You can also supply the password via the LDAP_BIND_PASSWORD environment variable.
  • -starttls: Upgrade a plain LDAP connection to TLS. Only valid when using ldap:// URLs.
  • -insecure: Skip TLS certificate verification (useful for testing with self-signed certs).
  • -read-write: Enable add/modify/delete tools. If omitted the server operates in read-only mode.
  • -timeout: Per-request timeout when talking to the LDAP server (default 30s).

Use -help to print the full list of flags and environment variables.

MCP Surface

Tools

  • search_entries: Execute LDAP searches with paging, scope selection, alias dereferencing, and size limits.
  • get_entry: Fetch a single entry by distinguished name.
  • add_entry: Create new entries (requires -read-write).
  • modify_entry: Apply attribute modifications (requires -read-write).
  • delete_entry: Delete entries (requires -read-write).

Resources

  • ldap://root-dse: Returns the directory root DSE as JSON.
  • ldap://entry/{dn}: Fetches a specific entry when provided with a DN.

Development Notes

  • The LDAP client wrapper (internal/ldapclient) manages connection reuse, StartTLS negotiation, and automatic reconnection on transport errors.
  • MCP tool handlers (internal/tools) validate inputs before invoking LDAP operations; for example the page_size argument is clamped to the uint32 range used by paged results controls.
  • Format Go sources with gofmt and keep module dependencies tidy via go mod tidy when dependencies change.

About

ldap-mcp server

Resources

Readme
Activity

Stars

7 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages