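---
# With this sample config, LDAP-synchronized users and groups are told
# apart from locally managed roles by their membership in the PostgreSQL
# roles ldap_users and ldap_groups (see the pg_users / pg_groups filters
# below). These two roles have to be created manually before
# pg_ldap_sync can run.
#
# Once filled in, this file carries an LDAP bind password and a database
# password; keep its read permissions restricted to the account that
# runs the sync.

# Connection parameters to LDAP server
# see also: http://net-ldap.rubyforge.org/Net/LDAP.html#method-c-new
ldap_connection:
  # LDAP server host; left empty (null) in this sample and must be set.
  host:
  # Left empty (null) here; presumably the library default (389, plain
  # LDAP) applies — confirm against the Net::LDAP docs linked above.
  port:
  auth:
    # Simple bind: the bind password crosses the wire in cleartext unless
    # the connection itself is encrypted. Net::LDAP takes an `encryption:`
    # option (LDAPS or StartTLS) for that — see the docs linked above.
    method: :simple
    # Bind DN and password of the LDAP lookup account; empty placeholders.
    username:
    password:

# Search parameters for LDAP users which should be synchronized
ldap_users:
  base: DC=ultranode,DC=xyz
  # LDAP filter (according to RFC 2254)
  # defines the users in LDAP to be synchronized
  filter: (&(objectClass=person)(objectClass=organizationalPerson)(givenName=*)(sn=*)(userPrincipalName=*))
  # this attribute is used as PG role name
  name_attribute: userPrincipalName
  # lowercase name for use as PG role name
  lowercase_name: true

# Search parameters for LDAP groups which should be synchronized
ldap_groups:
  base: DC=ultranode,DC=xyz
  # Substring match: every group whose cn contains "Admin" or "Users"
  # anywhere in the name becomes a PG role, so review the set this
  # matches in LDAP before relying on it.
  filter: (|(cn=*Admin*)(cn=*Users*))
  # this attribute is used as PG role name
  name_attribute: cn
  # lowercase name for use as PG role name
  lowercase_name: false
  # this attribute must reference all member DNs of the given group
  member_attribute: member

# Connection parameters to PostgreSQL server
# see also: http://rubydoc.info/gems/pg/PG/Connection#initialize-instance_method
pg_connection:
  host: localhost
  dbname: postgres
  # The sync creates roles and grants membership; the superuser is more
  # than it needs — a dedicated role with CREATEROLE is presumably
  # sufficient, confirm against the pg_ldap_sync docs.
  user: postgres
  # Left empty (null); libpq can then take the password from its usual
  # sources such as ~/.pgpass or PGPASSWORD.
  password:

pg_users:
  # Filter for identifying LDAP generated users in the database.
  # It's the WHERE-condition to "SELECT rolname, oid FROM pg_roles"
  filter: oid IN (SELECT pam.member FROM pg_auth_members pam JOIN pg_roles pr ON pr.oid=pam.roleid WHERE pr.rolname='ldap_users')
  # Options for CREATE ROLE statements. Synced users get LOGIN but no
  # password here; whether they can actually authenticate is decided by
  # pg_hba.conf.
  create_options: LOGIN IN ROLE ldap_users

pg_groups:
  # Filter for identifying LDAP generated groups in the database.
  # It's the WHERE-condition to "SELECT rolname, oid FROM pg_roles"
  filter: oid IN (SELECT pam.member FROM pg_auth_members pam JOIN pg_roles pr ON pr.oid=pam.roleid WHERE pr.rolname='ldap_groups')
  # Options for CREATE ROLE statements
  create_options: NOLOGIN IN ROLE ldap_groups
  # Left empty (null): no extra options on the GRANT statements that
  # apply group membership — presumably; confirm against the
  # pg_ldap_sync docs.
  grant_options: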