MCP server for 389 Directory Server health diagnostics, log analysis, and SOS-report investigation
Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"io-github-droideck-ldap-assistant-mcp": {
"command": "<see-readme>",
"args": []
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
MCP server for 389 Directory Server health diagnostics, log analysis, and SOS-report investigation
No automated test available for this server. Check the GitHub README for setup instructions.
Five weighted categories — click any category to see the underlying evidence.
No known CVEs.
No package registry to scan.
This server is missing a description. Tools and install config are also missing.If you've used it, help the community.
Add informationBe the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in security
Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.
Model Context Protocol for WinDBG
Security scanner for GitHub repos, Agent Skills, Plugins, and MCP servers. 18 scanners. Zero dependencies.
MCP server for Atomic Red Team
MCP Security Weekly
Get CVE alerts and security updates for io.github.droideck/ldap-assistant-mcp and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
Beta — read-only 389 Directory Server diagnostics, suitable for evaluation and internal troubleshooting. Tool schemas, output formats, and configuration fields may still change before 1.0.0.
LDAP Assistant MCP turns your AI assistant into a 389 Directory Server support engineer. Point it at live servers, stopped instances, or an SOS report from a customer case, and ask:
It answers with prioritized findings (severity, impact, remediation) from 42 read-only diagnostic tools built on lib389, the official 389 DS administration library. Privacy mode is on by default: DNs, hostnames, and IPs are redacted before anything reaches the LLM.
Supported provider: 389 Directory Server. (OpenLDAP provider code exists experimentally behind an opt-in flag, with no privacy guarantees, and is not part of the support contract — see Environment Variables.)
Linux (primary) or macOS. Windows is not supported natively (python-ldap has no official Windows wheels) — use WSL2 (see the install playbook)
Python 3.11+ (3.13 is what CI tests against)
uv package manager
MCP client (Claude Desktop, Claude Code, Cursor, Gemini CLI, etc.)
System development libraries (needed to build python-ldap):
Fedora / RHEL / CentOS:
sudo dnf install python3-devel openldap-devel cyrus-sasl-devel openssl-devel gcc
Ubuntu / Debian:
sudo apt install python3-dev libldap2-dev libsasl2-dev libssl-dev gcc
macOS (Homebrew):
brew install openldap
export LDFLAGS="-L$(brew --prefix openldap)/lib"
export CPPFLAGS="-I$(brew --prefix openldap)/include"
Anything failing during install? → Installation troubleshooting playbook
No clone needed — your MCP client runs the published package via uvx. Skip ahead to Configure your servers, then use this client configuration (Claude Desktop: ~/Library/Application Support/Claude/claude_desktop_config.json on macOS):
{
"mcpServers": {
"ldap-assistant-mcp": {
"command": "uvx",
"args": ["ldap-assistant-mcp"],
"env": {
"LDAP_SERVERS_CONFIG": "/absolute/path/to/servers.json"
}
}
}
}
Use an absolute path for LDAP_SERVERS_CONFIG — relative paths resolve against the MCP client's working directory, which is usually not where you think.
git clone https://github.com/droideck/ldap-assistant-mcp.git
cd ldap-assistant-mcp
uv venv && source .venv/bin/activate
uv pip install -e .[dev]
# Register with your MCP client via FastMCP:
fastmcp install claude-desktop fastmcp.json # or: fastmcp install claude-code fastmcp.json
Then set LDAP_SERVERS_CONFIG in the generated client entry as above. See the Development Guide for test containers and architecture.
Create a servers.json with your LDAP server(s). Note: the name field is never redacted in privacy mode — it is passed as-is to AI agents so they can reference servers across tool calls. Do not put hostnames, IPs, or other private information in server names.
{
"servers": [
{
"name": "local-ds",
"ldap_url": "ldap://localhost:389",
"base_dn": "dc=example,dc=com",
"bind_dn": "cn=Directory Manager",
"bin
... [View full README on GitHub](https://github.com/droideck/ldap-assistant-mcp#readme)