2011-05-24 00:02:32 +04:00
|
|
|
= Use LDAP permissions in PostgreSQL
|
2011-05-18 17:45:08 +04:00
|
|
|
|
2011-05-24 15:54:53 +04:00
|
|
|
* Homepage: http://github.com/larskanis/pg-ldap-sync
|
2011-05-18 17:45:08 +04:00
|
|
|
|
|
|
|
== DESCRIPTION:
|
|
|
|
|
2011-05-24 15:54:53 +04:00
|
|
|
LDAP is often used to do a centralized user and role management
|
|
|
|
in an enterprise environment. PostgreSQL offers different
|
|
|
|
authentication methods, like LDAP, SSPI, GSSAPI or SSL.
|
|
|
|
However, for any method the user must already exist in the database,
|
|
|
|
before the authentication can be used. There is currently
|
|
|
|
no authorization of database users directly based on LDAP.
|
2011-05-24 00:02:32 +04:00
|
|
|
|
2011-05-24 15:54:53 +04:00
|
|
|
This program solves the issue by synchronizing users, groups and
|
|
|
|
memberships from LDAP to PostgreSQL.
|
|
|
|
It is meant to be started as a cron job.
|
2011-05-18 17:45:08 +04:00
|
|
|
|
|
|
|
== FEATURES/PROBLEMS:
|
|
|
|
|
2011-05-24 00:02:32 +04:00
|
|
|
* Configurable per YAML config file
|
2011-05-24 15:54:53 +04:00
|
|
|
* Use Active Directory as LDAP-Server
|
|
|
|
* Runs with pg.gem (C-library) or postgres-pr.gem (pure Ruby)
|
|
|
|
* Should run on any platform when using postgres-pr.gem
|
|
|
|
|
|
|
|
* There is currently no way to set certain user attributes in PG
|
|
|
|
based on individual attributes in LDAP
|
2011-05-18 17:45:08 +04:00
|
|
|
|
|
|
|
== SYNOPSIS:
|
|
|
|
|
2011-05-24 15:54:53 +04:00
|
|
|
Create a config file based on <tt>config/sample-config.yaml</tt> .
|
|
|
|
|
|
|
|
pg_ldap_sync -c my_config.yaml -vv -t
|
2011-05-18 17:45:08 +04:00
|
|
|
|
|
|
|
== REQUIREMENTS:
|
|
|
|
|
2011-05-24 00:02:32 +04:00
|
|
|
* Installed Ruby and rubygems
|
|
|
|
* LDAP- and PostgreSQL-Server
|
2011-05-18 17:45:08 +04:00
|
|
|
|
|
|
|
== INSTALL:
|
|
|
|
|
2011-05-24 00:02:32 +04:00
|
|
|
Install Ruby and rubygems:
|
2011-05-24 16:03:30 +04:00
|
|
|
* on Windows: http://rubyinstaller.org
|
|
|
|
* on Debian: <tt>apt-get install ruby rubygems</tt>
|
2011-05-24 00:02:32 +04:00
|
|
|
|
|
|
|
Install pg-ldap-sync and a database driver for PostgreSQL:
|
2011-05-24 15:54:53 +04:00
|
|
|
* <tt>gem install pg-ldap-sync pg</tt>
|
|
|
|
* or <tt>gem install pg-ldap-sync postgres-pr</tt> for the
|
|
|
|
pure ruby version with less connection options than <tt>pg</tt>
|
2011-05-24 00:02:32 +04:00
|
|
|
|
|
|
|
Or install from Git:
|
|
|
|
git clone https://github.com/larskanis/pg-ldap-sync.git
|
|
|
|
cd pg-ldap-sync
|
|
|
|
rake install_gem
|
|
|
|
|
2011-05-24 15:54:53 +04:00
|
|
|
== TEST:
|
|
|
|
There is a small test suite in the <tt>test</tt> directory that runs
|
|
|
|
against an internal ruby-ldapserver and PostgreSQL server. Ensure gem
|
|
|
|
<tt>ruby-ldapserver</tt> is installed and <tt>pg_ctl</tt>, <tt>initdb</tt> and <tt>psql</tt>
|
|
|
|
commands are in the <tt>PATH</tt>. Then:
|
|
|
|
|
|
|
|
cd pg-ldap-sync
|
|
|
|
rake test
|
|
|
|
|
2011-05-18 17:45:08 +04:00
|
|
|
|
|
|
|
== LICENSE:
|
|
|
|
|
|
|
|
(The MIT License)
|
|
|
|
|
|
|
|
Copyright (c) 2011 FIX
|
|
|
|
|
|
|
|
Permission is hereby granted, free of charge, to any person obtaining
|
|
|
|
a copy of this software and associated documentation files (the
|
|
|
|
'Software'), to deal in the Software without restriction, including
|
|
|
|
without limitation the rights to use, copy, modify, merge, publish,
|
|
|
|
distribute, sublicense, and/or sell copies of the Software, and to
|
|
|
|
permit persons to whom the Software is furnished to do so, subject to
|
|
|
|
the following conditions:
|
|
|
|
|
|
|
|
The above copyright notice and this permission notice shall be
|
|
|
|
included in all copies or substantial portions of the Software.
|
|
|
|
|
|
|
|
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
|
|
|
|
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|
|
|
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
|
|
|
|
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
|
|
|
|
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
|
|
|
|
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
|
|
|
|
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|