Koppla - Active Directory MCP Server
Project description
Koppla
Koppla is a model-context-protocol server for Active Directory that enables you to manage users, groups, and computer objects using natural language.
With Koppla, you can seamlessly query and manage your Active Directory environment using Claude Desktop or other MCP capable AI agents.
🔹 What Can Koppla Do?
Koppla allows you to execute complex Active Directory queries and updates effortlessly. Examples:
- "Find all inactive users who haven't logged in for 90 days."
- "Add John Doe to the 'IT Admins' security group."
- "List all locked-out user accounts."
- "Find all users in the Sales department."
- "Which groups does Jane Smith belong to?"
- "Show me empty groups."
- "Find users in group A but not in group B."
🚀 Getting Started
1️⃣ Prerequisites
- Python 3.7 or higher
- Active Directory environment
- Claude Desktop application (for integration with Claude)
2️⃣ Installation
Koppla requires Python and can be installed using:
pip install koppla
3️⃣ Configuration
Using the Configuration Manager (Recommended)
Koppla includes a secure configuration manager that handles encryption of sensitive credentials:
koppla-config configure
This interactive tool will:
- Prompt for your Active Directory connection details
- Securely encrypt your password using Fernet symmetric encryption
- Create or update the Claude Desktop configuration file with Koppla server settings
- Automatically create a backup of your existing Claude Desktop configuration
- Test the connection to verify your credentials
You can also:
- Display current configuration:
koppla-config show - Test your AD connection:
koppla-config test
Manual Configuration
Koppla uses environment variables for configuration:
| Name | Description |
|---|---|
AD_SERVER |
The address of the Active Directory server. |
AD_USER |
Username for authentication. |
AD_PASSWORD |
Password for authentication. |
BASE_DN |
Base DN for LDAP queries. |
AD_WRITE_ENABLED |
Enable or disable write operations (true/false). |
To manually configure Koppla with the Claude Desktop app, add the following configuration to the "mcpServers" section of your claude_desktop_config.json:
{
"mcpServers": {
"Koppla-Active-Directory": {
"command": "python",
"args": ["-m", "koppla.server"],
"env": {
"AD_SERVER": "ldap://<domain-controller-name>:389",
"AD_USER": "<domain\\username>",
"AD_PASSWORD": "<password>",
"BASE_DN": "DC=lazyadmin,DC=nl",
"AD_WRITE_ENABLED": "false"
}
}
}
}
🔒 Security Features
Password Encryption
- Koppla uses Fernet symmetric encryption (from the cryptography package) to secure your Active Directory password
- The encryption key is stored separately from the configuration in a key file with restricted permissions
- When using the configuration manager, passwords are never stored in plain text
- Encrypted passwords appear as
ENCRYPTED:xxxx...in the configuration file
Backup System
- Before any configuration changes, Koppla automatically creates timestamped backups of your Claude Desktop configuration
- Backups are stored alongside your configuration with format:
claude_desktop_config.json.backup_YYYYMMDD_HHMMSS
Write Protection
- By default, all write operations (adding/removing users from groups, updating user attributes) are disabled
- To enable write operations, set
AD_WRITE_ENABLEDto "true" - Critical accounts and groups have additional protection regardless of write settings
Supported Write Operations
Koppla supports the following write operations when AD_WRITE_ENABLED is set to "true":
-
Update User Attributes
- Modify standard user attributes like description, title, department, etc.
- Protected fields (passwords, security identifiers, account control) cannot be modified
- Protected accounts (administrators, service accounts, etc.) cannot be modified
-
Add User to Group
- Add standard users to security or distribution groups
- Cannot add users to protected administrative groups
- Protected accounts cannot be added to any groups
-
Remove User from Group
- Remove users from most security or distribution groups
- Cannot remove users from critical system groups
- Protected accounts cannot be removed from any groups
All write operations require explicit confirmation before execution.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file koppla-0.16.tar.gz.
File metadata
- Download URL: koppla-0.16.tar.gz
- Upload date:
- Size: 15.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c149687ab68185ccf5b30187ae908a347e03c757c13ba80b36f04d905b735d13
|
|
| MD5 |
261840e0204a2c5713f74b70ccc80724
|
|
| BLAKE2b-256 |
b084e193d43fb83cbf0b0b92efbbb104473c03e903ce84d1e390335c4af7db68
|
File details
Details for the file koppla-0.16-py3-none-any.whl.
File metadata
- Download URL: koppla-0.16-py3-none-any.whl
- Upload date:
- Size: 15.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
379c6a252deb788b4820999bea4786cb42bae506ed5bc16298a1a01a8a7b237b
|
|
| MD5 |
59d249f3ff13f3d498c80a9132fdba4d
|
|
| BLAKE2b-256 |
ad957f0ede72d390483476402bd2e9f0a7817bb452ae1cd0d69530bf1a38794a
|
