PowerShell provider that lets you browse and manage LDAP directories as a virtual filesystem.
```powershell
PS C:\> Import-LdapConfig               # mount drives from config
PS LDAP:\> dir                          # list entries
PS LDAP:\> cd ou=Users                  # navigate
PS LDAP:\ou=Users> cat uid=jdoe         # view attributes (LDIF)
PS LDAP:\ou=Users> mkdir ou=NewTeam     # create entry
```

- Filesystem navigation - `cd`, `dir`, `ls`, `tree` with full tab completion
- Standard commands - `mkdir`, `ren`, `move`, `del` for LDAP entry operations
- Get-Content - View entry attributes in LDIF format
- Get/Set-ItemProperty - Read and write individual attributes
- Search-LdapEntry - LDAP filter search with paging, property selection, and pipeline output
- Pipeline integration - `Search-LdapEntry | Set-LdapAttribute` for bulk updates
- Schema browsing - `Get-LdapSchema` to inspect objectClasses and attributeTypes
- Tab completion - Attribute names, schema names, and drive names auto-complete from the server
- Lazy connection - Drives mount instantly; connection is established on first access
- Cross-platform - Works on Windows and Linux (PowerShell 7.4+)
- PowerShell 7.4 or later (Core edition)
- On Linux: `libldap2` package (`sudo apt-get install libldap2`)
```powershell
git clone https://github.com/yotsuda/LdapDrive.git
cd LdapDrive
dotnet build src/LdapDrive/LdapDrive.csproj -c Release
```

Copy the build output and module files to your PowerShell modules directory:

```powershell
$dest = "$env:ProgramFiles\PowerShell\7\Modules\LdapDrive"
New-Item -ItemType Directory -Force $dest
Copy-Item src/LdapDrive/bin/Release/net8.0/LdapDrive.dll $dest
Copy-Item module/* $dest -Recurse
```

```powershell
$cred = Get-Credential
New-LdapDrive -Server ldap.example.com -BaseDn "dc=example,dc=com" -Credential $cred -AuthType Basic
cd LDAP:\
dir
```

For persistent drives, use the configuration file:

```powershell
Edit-LdapConfig      # opens config in editor
Import-LdapConfig    # loads config and mounts drives
```

The configuration file (`LdapDriveConfig.json`) supports multiple drives with global defaults:
```json
{
  "AuthType": "Basic",
  "PSDrives": [
    {
      "Name": "LDAP",
      "Server": "ldap.example.com",
      "Port": 389,
      "BaseDn": "dc=example,dc=com",
      "Username": "cn=admin,dc=example,dc=com",
      "Password": "secret",
      "Enabled": true
    },
    {
      "Name": "AD",
      "Server": "dc01.contoso.com",
      "BaseDn": "dc=contoso,dc=com",
      "AuthType": "Negotiate",
      "Enabled": true
    }
  ]
}
```

```powershell
dir                                              # list entries
dir -Recurse                                     # list entire subtree
dir -LdapFilter "(objectClass=inetOrgPerson)"    # server-side filter
cat uid=jdoe                                     # view attributes (LDIF format)
Get-ItemProperty uid=jdoe -Name mail, telephoneNumber
```

```powershell
mkdir ou=Sales    # create OU (inferred from RDN prefix)
New-Item uid=jdoe -ItemType inetOrgPerson -Value @{ sn="Doe"; cn="John Doe"; uid="jdoe" }
```

```powershell
Set-LdapAttribute -DistinguishedName "uid=jdoe,ou=Users,dc=example,dc=com" -Name mail -Value "jdoe@example.com"
Set-LdapAttribute -DistinguishedName "uid=jdoe,ou=Users,dc=example,dc=com" -Attributes @{
    mail = "jdoe@example.com"
    telephoneNumber = "555-1234"
}
```

```powershell
ren uid=oldname uid=newname    # rename (ModifyDN)
move cn=User ou=OtherDept      # move to different parent
```

```powershell
Search-LdapEntry "(objectClass=inetOrgPerson)"                          # find all users
Search-LdapEntry "(uid=*)" -Properties cn, mail, uid | Format-Table     # select attributes
Search-LdapEntry "(department=Sales)" | Set-LdapAttribute -Name department -Value "Revenue"    # bulk update
Search-LdapEntry "(accountExpired=TRUE)" | Remove-LdapEntry             # bulk delete
```

```powershell
Get-LdapSchema                                # list all objectClasses
Get-LdapSchema -Name "inetOrgPerson"          # inspect specific class
Get-LdapSchema AttributeType -Name "mail*"    # search attributeTypes
```

```powershell
Get-LdapWhoAmI                                                        # check authenticated identity
Test-LdapAttribute uid=jdoe objectClass inetOrgPerson                 # server-side compare
Set-LdapPassword uid=jdoe -NewPassword (Read-Host -AsSecureString)    # change password
```

LdapDrive works with PowerShell.MCP to give AI assistants (Claude, GitHub Copilot, etc.) direct access to LDAP directories through the MCP (Model Context Protocol) server.
User: "Show me all users under ou=Sales"
AI → invoke_expression: dir LDAP:\ou=Sales -Recurse -LdapFilter "(objectClass=inetOrgPerson)"
User: "Update the department attribute on all expired accounts"
AI → invoke_expression: Search-LdapEntry "(accountExpired=TRUE)" | Set-LdapAttribute -Name department -Value "Archived"
User: "What objectClasses are available on this server?"
AI → invoke_expression: Get-LdapSchema | Format-Table Name, Kind, Description
Since LdapDrive exposes LDAP as a standard PowerShell provider, any AI agent that can run PowerShell commands can navigate and manage LDAP directories without needing LDAP-specific tooling.
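A check for the `LdapDriveConfig.json` format shown earlier, added here as an example and not part of LdapDrive: it flags drives that keep a `Password` in the file and enabled drives that use `Basic` authentication on a port other than 636, where a simple bind carries the password in cleartext unless TLS is negotiated. The function name `Test-LdapDriveConfig`, the explicit `-Path` parameter, and treating a missing `Port` as 389 are assumptions; the sample input is constructed from the config on this page.

```powershell
# Added example (not LdapDrive code): audit a config file for credential exposure.
function Test-LdapDriveConfig {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Path)   # file location is an assumption; pass it explicitly

    $config = Get-Content -LiteralPath $Path -Raw | ConvertFrom-Json
    foreach ($drive in $config.PSDrives) {
        # A per-drive AuthType overrides the global default, as in the sample config.
        $auth = if ($drive.AuthType) { $drive.AuthType } else { $config.AuthType }
        # Assumption: a drive without "Port" uses the standard LDAP port 389.
        $port = if ($drive.Port) { [int]$drive.Port } else { 389 }

        $findings = @()
        # A stored password is a finding even when the drive is disabled: it is still on disk.
        if ($drive.Password) {
            $findings += 'Password stored in plaintext in the config file'
        }
        # Transport is only relevant for drives that will actually be mounted.
        if ($drive.Enabled -and $auth -eq 'Basic' -and $port -ne 636) {
            $findings += "Basic (simple) bind on port ${port}: password is cleartext unless TLS is negotiated"
        }
        foreach ($f in $findings) {
            [pscustomobject]@{ Drive = $drive.Name; Server = $drive.Server; Finding = $f }
        }
    }
}

# Constructed sample input: the two drives from the configuration shown on this page.
$sample = @'
{
  "AuthType": "Basic",
  "PSDrives": [
    { "Name": "LDAP", "Server": "ldap.example.com", "Port": 389,
      "BaseDn": "dc=example,dc=com", "Username": "cn=admin,dc=example,dc=com",
      "Password": "secret", "Enabled": true },
    { "Name": "AD", "Server": "dc01.contoso.com", "BaseDn": "dc=contoso,dc=com",
      "AuthType": "Negotiate", "Enabled": true }
  ]
}
'@
$tmp = New-TemporaryFile
Set-Content -LiteralPath $tmp.FullName -Value $sample
Test-LdapDriveConfig -Path $tmp.FullName | Format-Table -AutoSize
Remove-Item -LiteralPath $tmp.FullName
```

The `AD` drive produces no findings because it overrides the global default with `Negotiate` and stores no password; the interactive `Get-Credential` form of `New-LdapDrive` shown earlier keeps the secret out of the file entirely.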
| Cmdlet | Description |
|---|---|
| `New-LdapDrive` | Create a PSDrive connected to an LDAP server |
| `Import-LdapConfig` | Load configuration file and mount drives |
| `Edit-LdapConfig` | Open configuration file in an editor |
| `Search-LdapEntry` | Search entries with LDAP filter and paging |
| `Set-LdapAttribute` | Modify attributes on an entry |
| `Remove-LdapEntry` | Remove an entry by DN |
| `Get-LdapSchema` | Query schema (objectClasses / attributeTypes) |
| `Test-LdapAttribute` | Server-side LDAP Compare operation |
| `Get-LdapWhoAmI` | Who Am I? extended operation (RFC 4532) |
| `Set-LdapPassword` | Password Modify extended operation (RFC 3062) |

Standard PowerShell commands work through the provider:
| Command | LDAP Operation |
|---|---|
| `dir` / `Get-ChildItem` | Search (OneLevel / SubTree) |
| `cd` / `Set-Location` | Navigate the directory tree |
| `cat` / `Get-Content` | Read entry attributes (LDIF format) |
| `mkdir` / `New-Item` | Add entry |
| `del` / `Remove-Item` | Delete entry |
| `ren` / `Rename-Item` | ModifyDN (rename) |
| `move` / `Move-Item` | ModifyDN (move) |
| `Get-ItemProperty` | Read specific attributes |
| `Set-ItemProperty` | Modify attributes |
| `Test-Path` | Check if entry exists |

MIT License. See LICENSE for details.