
Untitled

a guest
Jan 28th, 2020
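  # Sample pg_ldap_sync configuration.
  #
  # With this sample config, LDAP-synchronized users/groups are told apart
  # from other PostgreSQL roles by membership in the roles ldap_users and
  # ldap_groups (the names the pg_users/pg_groups filters below test for).
  # These two roles have to be created manually before pg_ldap_sync can run.

  # Connection parameters to LDAP server
  # see also: http://net-ldap.rubyforge.org/Net/LDAP.html#method-c-new
  #
  # host, port, username and password are blank in this listing (a bare
  # `key:` parses as null); they must be filled in before use.
  ldap_connection:
    host:
    port:
    auth:
      # Left unquoted on purpose: the leading colon is what lets a Ruby YAML
      # loader read the value as the symbol :simple rather than a string.
      method: :simple
      # A simple bind sends this DN and password as-is. No transport
      # encryption is configured in this file, so unless the link is
      # protected some other way the credentials cross the network in
      # cleartext. Net::LDAP.new accepts an `encryption` option (methods
      # :simple_tls / :start_tls); check the docs linked above for the exact
      # form your version expects.
      # Use a dedicated read-only bind account, and keep this file readable
      # only by the account that runs the sync.
      username:
      password:

  # Search parameters for LDAP users which should be synchronized
  ldap_users:
    # The search starts at the domain root, so every matching entry in the
    # whole directory becomes a PG role created with LOGIN (see
    # pg_users.create_options). Narrow the base or the filter to a dedicated
    # OU or group if only some accounts should get database access.
    base: DC=ultranode,DC=xyz
    # LDAP filter (according to RFC 2254)
    # defines which users in LDAP are to be synchronized
    # Quoted so that the &, | and * characters are never read as YAML syntax.
    filter: '(&(objectClass=person)(objectClass=organizationalPerson)(givenName=*)(sn=*)(userPrincipalName=*))'
    # this attribute is used as PG role name
    name_attribute: userPrincipalName
    # lowercase name for use as PG role name
    lowercase_name: true

  # Search parameters for LDAP groups which should be synchronized
  ldap_groups:
    base: DC=ultranode,DC=xyz
    # Substring match: any group anywhere under the base whose cn contains
    # "Admin" or "Users" is synchronized. Review which groups this actually
    # returns before granting privileges to the resulting roles; anyone who
    # can create or rename groups in the directory can produce a match.
    filter: '(|(cn=*Admin*)(cn=*Users*))'
    # this attribute is used as PG role name
    name_attribute: cn
    # lowercase name for use as PG role name
    lowercase_name: false
    # this attribute must reference all member DNs of the given group
    member_attribute: member

  # Connection parameters to PostgreSQL server
  # see also: http://rubydoc.info/gems/pg/PG/Connection#initialize-instance_method
  pg_connection:
    host: localhost
    dbname: postgres
    # NOTE(review): this connects as the postgres role, normally a
    # superuser. The sync only needs to manage roles and memberships, so a
    # dedicated role with just those rights is presumably enough - confirm
    # against the pg_ldap_sync documentation.
    user: postgres
    # Blank in this listing (parses as null). If a password is stored here,
    # the file-permission advice from ldap_connection applies as well.
    password:

  pg_users:
    # Filter for identifying LDAP generated users in the database.
    # It's the WHERE-condition to "SELECT rolname, oid FROM pg_roles"
    # NOTE(review): roles matched here are treated as owned by the sync;
    # keep the condition tied to ldap_users membership so that manually
    # created roles are never matched.
    filter: "oid IN (SELECT pam.member FROM pg_auth_members pam JOIN pg_roles pr ON pr.oid=pam.roleid WHERE pr.rolname='ldap_users')"
    # Options for CREATE ROLE statements
    create_options: LOGIN IN ROLE ldap_users

  pg_groups:
    # Filter for identifying LDAP generated groups in the database.
    # It's the WHERE-condition to "SELECT rolname, oid FROM pg_roles"
    filter: "oid IN (SELECT pam.member FROM pg_auth_members pam JOIN pg_roles pr ON pr.oid=pam.roleid WHERE pr.rolname='ldap_groups')"
    # Options for CREATE ROLE statements
    create_options: NOLOGIN IN ROLE ldap_groups
    # Blank in this listing (parses as null).
    grant_options: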