MCP server for 389 Directory Server health diagnostics, log analysis, and SOS-report investigation
Project description
LDAP Assistant MCP
Beta — read-only 389 Directory Server diagnostics, suitable for evaluation and internal troubleshooting. Tool schemas, output formats, and configuration fields may still change before 1.0.0.
LDAP Assistant MCP turns your AI assistant into a 389 Directory Server support engineer. Point it at live servers, stopped instances, or an SOS report from a customer case, and ask:
- "What's wrong with my directory servers?"
- "Summarize this SOS report before I open the case."
- "Replication looks broken between these servers — why?"
It answers with prioritized findings (severity, impact, remediation) from 42 read-only diagnostic tools built on lib389, the official 389 DS administration library. Privacy mode is on by default: DNs, hostnames, and IPs are redacted before anything reaches the LLM.
Supported provider: 389 Directory Server. (OpenLDAP provider code exists experimentally behind an opt-in flag, with no privacy guarantees, and is not part of the support contract — see Environment Variables.)
Install
Prerequisites
-
Linux (primary) or macOS. Windows is not supported natively (python-ldap has no official Windows wheels) — use WSL2 (see the install playbook)
-
Python 3.11+ (3.13 is what CI tests against)
-
uvpackage manager -
MCP client (Claude Desktop, Claude Code, Cursor, Gemini CLI, etc.)
-
System development libraries (needed to build
python-ldap):Fedora / RHEL / CentOS:
sudo dnf install python3-devel openldap-devel cyrus-sasl-devel openssl-devel gcc
Ubuntu / Debian:
sudo apt install python3-dev libldap2-dev libsasl2-dev libssl-dev gcc
macOS (Homebrew):
brew install openldap export LDFLAGS="-L$(brew --prefix openldap)/lib" export CPPFLAGS="-I$(brew --prefix openldap)/include"
Anything failing during install? → Installation troubleshooting playbook
From PyPI (recommended)
No clone needed — your MCP client runs the published package via uvx. Skip ahead to Configure your servers, then use this client configuration (Claude Desktop: ~/Library/Application Support/Claude/claude_desktop_config.json on macOS):
{
"mcpServers": {
"ldap-assistant-mcp": {
"command": "uvx",
"args": ["ldap-assistant-mcp"],
"env": {
"LDAP_SERVERS_CONFIG": "/absolute/path/to/servers.json"
}
}
}
}
Use an absolute path for LDAP_SERVERS_CONFIG — relative paths resolve against the MCP client's working directory, which is usually not where you think.
From source (development)
git clone https://github.com/droideck/ldap-assistant-mcp.git
cd ldap-assistant-mcp
uv venv && source .venv/bin/activate
uv pip install -e .[dev]
# Register with your MCP client via FastMCP:
fastmcp install claude-desktop fastmcp.json # or: fastmcp install claude-code fastmcp.json
Then set LDAP_SERVERS_CONFIG in the generated client entry as above. See the Development Guide for test containers and architecture.
Configure your servers
Create a servers.json with your LDAP server(s). Note: the name field is never redacted in privacy mode — it is passed as-is to AI agents so they can reference servers across tool calls. Do not put hostnames, IPs, or other private information in server names.
{
"servers": [
{
"name": "local-ds",
"ldap_url": "ldap://localhost:389",
"base_dn": "dc=example,dc=com",
"bind_dn": "cn=Directory Manager",
"bind_password": "your-password",
"provider_type": "389ds",
"is_local": true,
"serverid": "localhost"
},
{
"name": "remote-ds",
"ldap_url": "ldap://ldap.example.com:389",
"base_dn": "dc=example,dc=com",
"bind_dn": "cn=Directory Manager",
"bind_password": "your-password",
"provider_type": "389ds"
},
{
"name": "stopped-ds",
"ldap_url": "ldap://localhost:389",
"base_dn": "dc=example,dc=com",
"bind_dn": "cn=Directory Manager",
"bind_password": "unused-in-offline-mode",
"provider_type": "389ds",
"is_local": true,
"serverid": "localhost",
"is_offline": true
},
{
"name": "sos-report",
"provider_type": "389ds",
"is_archive": true,
"archive_path": "/path/to/sosreport-host-2025/",
"instance_name": "slapd-instance"
}
]
}
Note: serverid is the instance name without the slapd- prefix (e.g. localhost for the instance slapd-localhost).
The four server modes
| Mode | Config | What you get |
|---|---|---|
| Remote | ldap_url only |
Health, replication, performance, config, and entry tools over LDAP. No log/disk/cert access |
| Local | + is_local: true, serverid |
Everything above plus log analysis, disk monitoring, certificate checks, process metrics |
| Offline | + is_offline: true |
A stopped local instance, analyzed via dse.ldif and log files — no LDAP connection. For post-mortems and instances that won't start |
| Archive | is_archive: true, archive_path |
An SOS report or config/log extract from any machine (tarball or directory, auto-detected layout). No LDAP, no local instance required |
Tools that need a live connection tell you so — the error names the tools that do work in that server's mode, so the investigation continues instead of dead-ending.
Remote LDAPS certificate verification: remote ldaps:// servers verify the server certificate by default ("tls_verify": true, or the LDAP_TLS_VERIFY environment variable for env-based config). To connect to a server with a self-signed or otherwise untrusted certificate, set "tls_verify": false on that server entry — this disables certificate verification entirely, so use it only for trusted lab environments. Local instances (is_local: true) instead use the instance's own NSS certificate directory.
After editing the client config or servers.json, restart your MCP client, then verify: ask "Which LDAP servers are configured?"
Privacy mode
By default, privacy mode is enabled — sensitive data (DNs, hostnames, IPs, user details) is redacted from tool outputs. Tools that expose individual entries (get_user_details, ldap_search) are disabled; list tools return counts only. Diagnostic metrics (counts, ratios, percentages) remain visible.
To enable full data access in trusted environments only:
{
"env": {
"LDAP_MCP_EXPOSE_SENSITIVE_DATA": "true"
}
}
Important: Only enable this with local models, private cloud LLM instances, or when working with test/sample data. Avoid enabling with public LLMs when connected to production directories — your directory information could be included in their training data or logs.
When privacy mode is enabled (default):
- Hostnames, DNs, IP addresses, and suffixes are anonymized
- Configuration values are redacted
- Sensitive tools are disabled
- Diagnostic metrics (counts, ratios, percentages) remain visible
- Server names (the
namefield inservers.json) are never redacted — they are user-chosen labels that must remain stable across tool calls. Do not put hostnames, IPs, or other private information in server names.
Data handling
- No telemetry. The server collects nothing and phones home to no one.
- Everything runs locally. Directory data is read from your LDAP servers, local instances, or archive files and returned only to your MCP client — which forwards tool results to whatever LLM you have configured. Privacy mode (on by default) redacts sensitive values before they leave the server process.
- Credentials stay in your local
servers.json/ environment variables; they are never included in tool output and tool errors are sanitized.
First questions to ask
| You want | Ask / use | Behind it |
|---|---|---|
| A health overview of everything | "What's wrong with my directory servers?" | first_look |
| An SOS report summarized | "Analyze the sos-report archive" or the archive_investigation prompt |
analyze_archive → archive playbook |
| To know which tool fits a goal | the tool_navigator prompt |
tool map for a stated goal |
| Guided replication triage | the diagnose_replication prompt |
replication tool sequence |
| Guided performance triage | the performance_investigation prompt |
performance tool sequence |
| A morning ops review | the daily_health_check prompt |
health + monitoring sweep |
Playbooks (symptom → tools → what they can't know → how to verify by hand):
Tools by group
42 read-only tools — full reference with parameters in TOOLS.md.
| Group | Tools | Highlights |
|---|---|---|
| Health | first_look, run_healthcheck, list_healthchecks, server_health |
Multi-server overview; full dsctl healthcheck equivalent |
| Replication | get_replication_status, get_replication_topology, check_replication_lag, list_replication_conflicts, get_agreement_status |
RUV/CSN analysis, topology mapping, conflict entries |
| Performance | get_performance_summary, cache/connection/operation/thread/resource statistics |
Bottleneck detection and tuning recommendations |
| Indexes | list_indexes, analyze_index_configuration, find_unindexed_searches |
Access-log-driven unindexed search hunting |
| Configuration | get_server_configuration, compare_server_configurations, list_plugins, get_backend_configuration |
Live and offline (dse.ldif) paths |
| Logs | analyze_access_log / analyze_error_log / analyze_audit_log (stats, privacy-safe), parse_*_log (full entries, requires sensitive-data mode) |
Traditional and JSON log formats |
| Archive / SOS | analyze_archive, validate_configuration, compare_dse_configs |
Inventory, offline config lint, full dse.ldif diff |
| Users & Groups | list/search/inspect users, active/locked filters, groups | Count-only in privacy mode |
| Advanced | ldap_search, run_monitor, list_servers, cn=config resources |
Generic search (sensitive-data mode only) |
Environment Variable Reference
| Variable | Default | Purpose |
|---|---|---|
LDAP_SERVERS_CONFIG |
– | Absolute path to servers.json (multi-server config; preferred) |
LDAP_PROVIDER |
dirsrv |
Server implementation. Only dirsrv (389 DS) is supported; openldap requires the opt-in flag below |
LDAP_MCP_EXPERIMENTAL_OPENLDAP |
false |
Opt in to the experimental OpenLDAP provider (two tools, no privacy guarantees) |
LDAP_MCP_EXPOSE_SENSITIVE_DATA |
false |
Disable privacy mode (see Privacy Mode) |
LDAP_MCP_DEBUG |
false |
Enable debug logging and tracebacks in tool errors |
LDAP_MCP_TOOL_TIMEOUT |
30 |
Per-tool-call timeout in seconds |
LDAP_MCP_MAX_TOOL_TIMEOUT |
120 |
Timeout ceiling for heavy tools (first_look, archive comparison, …) |
LDAP_CONNECT_TIMEOUT |
30 |
LDAP network/operation timeout in seconds (prevents hangs on unreachable servers) |
Single-server fallback (used only when LDAP_SERVERS_CONFIG is not set):
| Variable | Default | Purpose |
|---|---|---|
LDAP_URL |
– | Full LDAP URL (alternative to hostname/port/SSL vars) |
LDAP_HOSTNAME / LDAP_PORT / LDAP_USE_SSL |
localhost / 389 / false |
Connection parameters |
LDAP_BASE_DN |
– | Default search base |
LDAP_BIND_DN / LDAP_BIND_PASSWORD |
cn=Directory Manager / – |
Bind credentials (no default password) |
LDAP_AUTH_METHOD |
simple |
simple or anonymous (the only implemented binds; LDAPI/SASL EXTERNAL is selected via LDAP_USE_LDAPI, not here) |
LDAP_IS_LOCAL / LDAP_SERVERID |
false / – |
Enable local-instance features (logs, disk, certs) |
LDAP_USE_LDAPI |
false |
Connect over the LDAPI unix socket |
LDAP_IS_OFFLINE |
false |
Treat the local instance as stopped (offline mode) |
LDAP_TLS_VERIFY |
true |
Verify the server certificate on remote ldaps:// connections (set false only for trusted labs) |
Troubleshooting
| Symptom | Cause / Fix |
|---|---|
python-ldap fails to build during install |
Missing system headers — see the install playbook |
Tools report a default localhost server instead of your config |
LDAP_SERVERS_CONFIG not set or not loadable in the MCP client config — see servers.json path resolution |
list_* tools return only counts; ldap_search/get_user_details refuse to run |
That's privacy mode (default, working as intended) — see Privacy Mode |
| "requires a running server with a live LDAP connection" errors | The target is an offline/archive server — the error message lists the tools that do work there |
| LDAPI connection fails for a local server | Check serverid has no slapd- prefix and the instance socket exists |
No LDAP server to test against? The Development Guide spins up test containers with Docker.
Limitations
- Beta — Tool schemas, output formats, and configuration fields may change before 1.0.0
- LLM interpretation — Tools return accurate data, but the LLM interprets it. Hallucinations are possible. Always verify recommendations before acting.
- Read-only — No write operations yet
- Plain text passwords — Use restrictive file permissions on config files
- STDIO transport only — No HTTP/SSE support yet
Documentation
| Document | Description |
|---|---|
| Changelog | Version history and release notes |
| Archive / SOS playbook | Summarize an SOS report before opening the case |
| Install playbook | python-ldap builds, WSL2, uvx, config path resolution |
| Development Guide | Dev environment setup, configuration, architecture |
| Testing Guide | Running and writing tests |
| Contributing Guide | How to contribute |
| Release Checklist | How releases are cut and verified |
| 389 DS Tools | 389 Directory Server tools reference |
| OpenLDAP Tools | OpenLDAP tools reference (experimental, opt-in only) |
License
GPL-3.0-or-later. Built on lib389 (the official 389 Directory Server administration library) and FastMCP.
References
- PyPI package
- Official MCP Registry — listed as
io.github.droideck/ldap-assistant-mcp - Model Context Protocol
- 389 Directory Server
- FastMCP 2.0
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file ldap_assistant_mcp-0.5.0.tar.gz.
File metadata
- Download URL: ldap_assistant_mcp-0.5.0.tar.gz
- Upload date:
- Size: 151.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
211aee8143496fc8ae36c8e8ad4bae1f7c887f428a061ed26b86329a8eb95a36
|
|
| MD5 |
975794609b3b18087b572f308204a018
|
|
| BLAKE2b-256 |
666291126cc8916993703c5b716aa6a330c8fd2b7597e939c2fa171df6a1b2d1
|
Provenance
The following attestation bundles were made for ldap_assistant_mcp-0.5.0.tar.gz:
Publisher:
release.yml on droideck/ldap-assistant-mcp
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
ldap_assistant_mcp-0.5.0.tar.gz -
Subject digest:
211aee8143496fc8ae36c8e8ad4bae1f7c887f428a061ed26b86329a8eb95a36 - Sigstore transparency entry: 2044514267
- Sigstore integration time:
-
Permalink:
droideck/ldap-assistant-mcp@b4b76a44d709442c5b5e32d50d2642a663aeec78 -
Branch / Tag:
refs/tags/v0.5.0 - Owner: https://github.com/droideck
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@b4b76a44d709442c5b5e32d50d2642a663aeec78 -
Trigger Event:
push
-
Statement type:
File details
Details for the file ldap_assistant_mcp-0.5.0-py3-none-any.whl.
File metadata
- Download URL: ldap_assistant_mcp-0.5.0-py3-none-any.whl
- Upload date:
- Size: 168.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
577cee8fbebbd81d76bc4ce3a6728caff10b85904bc76b57db9b3d03611fedf8
|
|
| MD5 |
80b489fc7b7ff88503fb5b2e7b1bf905
|
|
| BLAKE2b-256 |
345918f3071ca8fc77ddff063f07cf1a4684506dd7cd36185f04a9dd5e8f40d1
|
Provenance
The following attestation bundles were made for ldap_assistant_mcp-0.5.0-py3-none-any.whl:
Publisher:
release.yml on droideck/ldap-assistant-mcp
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
ldap_assistant_mcp-0.5.0-py3-none-any.whl -
Subject digest:
577cee8fbebbd81d76bc4ce3a6728caff10b85904bc76b57db9b3d03611fedf8 - Sigstore transparency entry: 2044514287
- Sigstore integration time:
-
Permalink:
droideck/ldap-assistant-mcp@b4b76a44d709442c5b5e32d50d2642a663aeec78 -
Branch / Tag:
refs/tags/v0.5.0 - Owner: https://github.com/droideck
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@b4b76a44d709442c5b5e32d50d2642a663aeec78 -
Trigger Event:
push
-
Statement type: