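---
# Sample configuration for synchronizing LDAP users and groups into
# PostgreSQL roles.
#
# With this sample config the distinction between PG groups and users is
# done by the LOGIN/NOLOGIN attribute. Any non-superuser account
# is considered LDAP-synchronized.
#
# This file is a sample: replace the placeholder values and keep real
# credentials in an untracked copy or in the environment, not in VCS.

# Connection parameters to LDAP server
# see also: http://net-ldap.rubyforge.org/Net/LDAP.html#method-c-new
ldap_connection:
  host: localhost
  # 389 is plain LDAP; with a simple bind the password crosses the wire in
  # clear unless TLS is enabled (see the net-ldap `encryption` option).
  port: 389
  auth:
    # Unquoted ':simple' is deliberate: the Ruby YAML loader (Psych) turns it
    # into the Symbol net-ldap expects. Quoting it would yield a String.
    method: :simple
    # Bind DN, quoted so YAML never reinterprets ',', '!' or '=' inside it.
    username: 'CN=username,OU=!Serviceaccounts,OU=company,DC=company,DC=de'
    password: secret  # placeholder; do not commit a real bind password

# Search parameters for LDAP users which should be synchronized
ldap_users:
  base: 'OU=company,OU=company,DC=company,DC=de'
  # LDAP filter (according to RFC 2254)
  # defines the users in LDAP to be synchronized
  filter: '(&(objectClass=person)(objectClass=organizationalPerson)(givenName=*)(sn=*))'
  # this attribute is used as PG role name
  name_attribute: sAMAccountName

# Search parameters for LDAP groups which should be synchronized
ldap_groups:
  base: 'OU=company,OU=company,DC=company,DC=de'
  # LDAP filter (according to RFC 2254); only the listed groups are synced
  filter: '(|(cn=group1)(cn=group2)(cn=group3))'
  # this attribute is used as PG role name
  name_attribute: cn
  # this attribute must reference all member DNs of the given group
  member_attribute: member

# Connection parameters to PostgreSQL server
# see also: http://rubydoc.info/gems/pg/0.11.0/PGconn#initialize-instance_method
pg_connection:
  # null: use the libpq default (local socket / PGHOST)
  host: null
  dbname: postgres
  user: db-username
  # null: let libpq pick the password up from ~/.pgpass or PGPASSWORD
  # instead of storing it in this file
  password: null

pg_users:
  # Filter for identifying LDAP generated users in the database.
  # It's the WHERE-condition to "SELECT rolname, oid FROM pg_roles"
  # (inserted verbatim into the SQL, so this file must stay trusted)
  filter: rolcanlogin AND NOT rolsuper
  # Options for CREATE ROLE statements
  create_options: LOGIN

pg_groups:
  # Filter for identifying LDAP generated groups in the database.
  # It's the WHERE-condition to "SELECT rolname, oid FROM pg_roles"
  filter: NOT rolcanlogin AND NOT rolsuper
  # Options for CREATE ROLE statements
  create_options: NOLOGIN
  # Options for GRANT statements; the value (if any) is not shown in this
  # excerpt — TODO confirm against the full file
  grant_options: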