pgls/config/sample-config.yaml

# With this sample config the distinction between PG groups and users is
# done by the LOGIN/NOLOGIN attribute. Any non-superuser account
# is considered as LDAP-synchronized.

# Connection parameters to LDAP server
# see also: http://net-ldap.rubyforge.org/Net/LDAP.html#method-c-new
ldap_connection:
  host: localhost
  port: 389
  auth:
    method: :simple
    username: CN=username,OU=!Serviceaccounts,OU=company,DC=company,DC=de
    password: secret

# Search parameters for LDAP users which should be synchronized
ldap_users:
  base: OU=company,OU=company,DC=company,DC=de
  # LDAP filter (according to RFC 2254)
  # defines to users in LDAP to be synchronized
  filter: (&(objectClass=person)(objectClass=organizationalPerson)(givenName=*)(sn=*))
  # this attribute is used as PG role name
  name_attribute: sAMAccountName

# Search parameters for LDAP groups which should be synchronized
ldap_groups:
  base: OU=company,OU=company,DC=company,DC=de
  filter: (|(cn=group1)(cn=group2)(cn=group3))
  # this attribute is used as PG role name
  name_attribute: cn
  # this attribute must reference to all member DN's of the given group
  member_attribute: member

# Connection parameters to PostgreSQL server
# see also: http://rubydoc.info/gems/pg/0.11.0/PGconn#initialize-instance_method
pg_connection:
  host:
  dbname: postgres
  user: db-username
  password:

pg_users:
  # Filter for identifying LDAP generated users in the database.
  # It's the WHERE-condition to "SELECT rolname, oid FROM pg_roles"
  filter: rolcanlogin AND NOT rolsuper
  # Options for CREATE RULE statements
  create_options: LOGIN

pg_groups:
  # Filter for identifying LDAP generated groups in the database.
  # It's the WHERE-condition to "SELECT rolname, oid FROM pg_roles"
  filter: NOT rolcanlogin AND NOT rolsuper
  # Options for CREATE RULE statements
  create_options: NOLOGIN
  grant_options:
add new sample-config and comments 2011-07-08 14:18:10 +04:00			`# With this sample config the distinction between PG groups and users is`
			`# done by the LOGIN/NOLOGIN attribute. Any non-superuser account`
			`# is considered as LDAP-synchronized.`
add sample and schema yaml files 2011-05-24 10:06:08 +04:00
			`# Connection parameters to LDAP server`
			`# see also: http://net-ldap.rubyforge.org/Net/LDAP.html#method-c-new`
			`ldap_connection:`
			`host: localhost`
			`port: 389`
			`auth:`
			`method: :simple`
			`username: CN=username,OU=!Serviceaccounts,OU=company,DC=company,DC=de`
			`password: secret`

			`# Search parameters for LDAP users which should be synchronized`
			`ldap_users:`
			`base: OU=company,OU=company,DC=company,DC=de`
add comments to sample config 2011-05-24 13:43:21 +04:00			`# LDAP filter (according to RFC 2254)`
add new sample-config and comments 2011-07-08 14:18:10 +04:00			`# defines to users in LDAP to be synchronized`
add sample and schema yaml files 2011-05-24 10:06:08 +04:00			`filter: (&(objectClass=person)(objectClass=organizationalPerson)(givenName=)(sn=))`
			`# this attribute is used as PG role name`
			`name_attribute: sAMAccountName`

			`# Search parameters for LDAP groups which should be synchronized`
			`ldap_groups:`
			`base: OU=company,OU=company,DC=company,DC=de`
add new sample-config and comments 2011-07-08 14:18:10 +04:00			`filter: (\|(cn=group1)(cn=group2)(cn=group3))`
add sample and schema yaml files 2011-05-24 10:06:08 +04:00			`# this attribute is used as PG role name`
			`name_attribute: cn`
			`# this attribute must reference to all member DN's of the given group`
			`member_attribute: member`

			`# Connection parameters to PostgreSQL server`
			`# see also: http://rubydoc.info/gems/pg/0.11.0/PGconn#initialize-instance_method`
			`pg_connection:`
			`host:`
			`dbname: postgres`
			`user: db-username`
			`password:`

			`pg_users:`
add comments to sample config 2011-05-24 13:43:21 +04:00			`# Filter for identifying LDAP generated users in the database.`
			`# It's the WHERE-condition to "SELECT rolname, oid FROM pg_roles"`
add sample and schema yaml files 2011-05-24 10:06:08 +04:00			`filter: rolcanlogin AND NOT rolsuper`
add comments to sample config 2011-05-24 13:43:21 +04:00			`# Options for CREATE RULE statements`
add sample and schema yaml files 2011-05-24 10:06:08 +04:00			`create_options: LOGIN`

			`pg_groups:`
add comments to sample config 2011-05-24 13:43:21 +04:00			`# Filter for identifying LDAP generated groups in the database.`
			`# It's the WHERE-condition to "SELECT rolname, oid FROM pg_roles"`
add new sample-config and comments 2011-07-08 14:18:10 +04:00			`filter: NOT rolcanlogin AND NOT rolsuper`
add comments to sample config 2011-05-24 13:43:21 +04:00			`# Options for CREATE RULE statements`
add sample and schema yaml files 2011-05-24 10:06:08 +04:00			`create_options: NOLOGIN`
			`grant_options:`