pgls/config/sample-config2.yaml

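---
# With this sample config, LDAP-synchronized users and groups are told
# apart from locally managed roles by their membership in the PostgreSQL
# roles "ldap_users" and "ldap_groups" (these are the role names the
# pg_users/pg_groups filters below key on).  Both roles have to be
# created manually (e.g. CREATE ROLE ldap_users NOLOGIN;
# CREATE ROLE ldap_groups NOLOGIN;) before pg_ldap_sync can run.

# Connection parameters to the LDAP server
# see also: http://net-ldap.rubyforge.org/Net/LDAP.html#method-c-new
# (rubyforge no longer exists; the current net-ldap gem documentation
# describes the same connection options)
ldap_connection:
  host: ldapserver
  # LDAPS port.  Plain LDAP on 389 would send the simple-bind password
  # in clear text.
  port: 636
  auth:
    method: :simple
    # Bind DN of a dedicated service account; it only needs read access
    # to the users/groups subtrees.  Note that this DN lives under
    # DC=company,DC=de while both search bases below are under
    # DC=company,DC=prod -- make sure that cross-domain lookup is intended.
    username: CN=username,OU=!Serviceaccounts,OU=company,DC=company,DC=de
    # Placeholder only.  Never commit a real bind password; keep this
    # file readable only by the account that runs pg_ldap_sync.  Quoted so
    # that a password consisting of digits, "yes"/"no" or leading YAML
    # specials survives parsing unchanged.
    password: 'secret'
  encryption:
    # NOTE(review): confirm that the net-ldap version in use verifies the
    # server certificate for :simple_tls (tls_options / verify_mode).
    # Without verification TLS still defeats passive sniffing, but anyone
    # who can redirect traffic for "ldapserver" can harvest the bind
    # credentials.
    method: :simple_tls

# Search parameters for LDAP users which should be synchronized
ldap_users:
  base: OU=company,DC=company,DC=prod
  # LDAP filter (RFC 2254, now RFC 4515) selecting the LDAP entries to be
  # synchronized.  Keep it as narrow as possible: every matching entry
  # ends up as a LOGIN role in the database (see pg_users below).
  filter: (&(objectClass=person)(objectClass=organizationalPerson)(givenName=*)(sn=*)(sAMAccountName=*))
  # this attribute is used as PG role name
  name_attribute: sAMAccountName
  # lowercase name for use as PG role name
  lowercase_name: true
  # Add lowercase name *and* original name for use as PG role names
  # (useful for migrating between case types)
  bothcase_name: false

# Search parameters for LDAP groups which should be synchronized
ldap_groups:
  base: OU=company,DC=company,DC=prod
  filter: (cn=company.*)
  # this attribute is used as PG role name
  name_attribute: cn
  # lowercase name for use as PG role name
  lowercase_name: false
  # this attribute must reference all member DNs of the given group
  member_attribute: member

# Connection parameters to the PostgreSQL server
# see also: http://rubydoc.info/gems/pg/PG/Connection#initialize-instance_method
pg_connection:
  # Empty values are passed through as nil, which normally lets libpq fall
  # back to its defaults (PGHOST/PGUSER/PGPASSWORD, ~/.pgpass, local
  # socket).  Prefer that over writing a database password into this file.
  host:
  dbname: postgres
  user:
  password:

pg_users:
  # Filter for identifying LDAP generated users in the database.
  # It's the WHERE-condition to "SELECT rolname, oid FROM pg_roles" and is
  # spliced into that statement as-is, so it must only ever come from this
  # trusted config file, never from user-controlled input.
  filter: oid IN (SELECT pam.member FROM pg_auth_members pam JOIN pg_roles pr ON pr.oid=pam.roleid WHERE pr.rolname='ldap_users')
  # Options appended to the CREATE ROLE statement (not CREATE RULE).
  # LOGIN creates a login-capable role for every synchronized user; the
  # IN ROLE membership is what the filter above keys on.
  create_options: LOGIN IN ROLE ldap_users

pg_groups:
  # Filter for identifying LDAP generated groups in the database.
  # It's the WHERE-condition to "SELECT rolname, oid FROM pg_roles"; the
  # same trust caveat as for pg_users.filter applies.
  filter: oid IN (SELECT pam.member FROM pg_auth_members pam JOIN pg_roles pr ON pr.oid=pam.roleid WHERE pr.rolname='ldap_groups')
  # Options appended to the CREATE ROLE statement (not CREATE RULE).
  # NOLOGIN: group roles are containers only and must never be usable
  # for authentication.
  create_options: NOLOGIN IN ROLE ldap_groups
  # Presumably extra options for the GRANT statements that add users to
  # groups; left empty here (nil) as in the original sample -- confirm
  # against the pg_ldap_sync documentation before setting it.
  grant_options: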