pgls/README.rdoc

= Use LDAP permissions in PostgreSQL

* http://github.com/larskanis/pg-ldap-sync

== DESCRIPTION:

LDAP is often used for a centralized user and role management
in an enterprise environment. PostgreSQL offers different
authentication methods, like LDAP, SSPI, GSSAPI or SSL.
However, for any method the user must already exist in the database,
before the authentication can be used. There is currently
no direct authorization of database users on LDAP. So roles
and memberships has to be administered twice.

This program helps to solve the issue by synchronizing users,
groups and their memberships from LDAP to PostgreSQL.
Access to LDAP is used read-only. <tt>pg_ldap_sync</tt> issues proper
CREATE ROLE, DROP ROLE, GRANT and REVOKE commands to synchronize
users and groups.

It is meant to be started as a cron job.

== FEATURES:

* Configurable per YAML config file
* Can use Active Directory as LDAP-Server
* Nested groups/roles supported
* Set scope of considered users/groups on LDAP and PG side
* Runs with pg.gem (C-library) or postgres-pr.gem (pure Ruby)
* Test mode which doesn't do any changes to the DBMS
* Both LDAP and PG connections can be secured by SSL/TLS

== REQUIREMENTS:

* Ruby-2.0+, JRuby-1.2, Rubinius-1.2 or better
* LDAP-v3 server
* PostgreSQL-server v9.0+

== INSTALL:

Install Ruby:
* on Windows: http://rubyinstaller.org
* on Debian/Ubuntu: <tt>apt-get install ruby libpq-dev</tt>

Install pg-ldap-sync and required dependencies:
  gem install pg-ldap-sync

=== Install from Git:
  git clone https://github.com/larskanis/pg-ldap-sync.git
  cd pg-ldap-sync
  bundle
  rake install

== USAGE:

Create a config file based on
{config/sample-config.yaml}[https://github.com/larskanis/pg-ldap-sync/blob/master/config/sample-config.yaml]
or even better
{config/sample-config2.yaml}[https://github.com/larskanis/pg-ldap-sync/blob/master/config/sample-config2.yaml]

Run in test-mode:

  pg_ldap_sync -c my_config.yaml -vv -t

Run in modify-mode:

  pg_ldap_sync -c my_config.yaml -vv


== TEST:
There is a small test suite in the <tt>test</tt> directory that runs
against an internal ruby-ldapserver and PostgreSQL server. Ensure gem
<tt>ruby-ldapserver</tt> is installed and <tt>pg_ctl</tt>, <tt>initdb</tt> and <tt>psql</tt>
commands are in the <tt>PATH</tt>. Then:

  cd pg-ldap-sync
  rake test

== ISSUES:
* There is currently no way to set certain user attributes in PG
  based on individual attributes in LDAP (expiration date etc.)


== License

The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
add some documentation 2011-05-24 00:02:32 +04:00			`= Use LDAP permissions in PostgreSQL`
Sync roles works, sync membership not yet 2011-05-18 17:45:08 +04:00
adjust github link - was parsed wrong from hoe 2011-07-13 17:23:47 +04:00			`* http://github.com/larskanis/pg-ldap-sync`
Sync roles works, sync membership not yet 2011-05-18 17:45:08 +04:00
			`== DESCRIPTION:`

add some documentation 2011-07-13 23:14:04 +04:00			`LDAP is often used for a centralized user and role management`
update README 2011-05-24 15:54:53 +04:00			`in an enterprise environment. PostgreSQL offers different`
			`authentication methods, like LDAP, SSPI, GSSAPI or SSL.`
			`However, for any method the user must already exist in the database,`
			`before the authentication can be used. There is currently`
add some documentation 2011-07-13 23:14:04 +04:00			`no direct authorization of database users on LDAP. So roles`
			`and memberships has to be administered twice.`
add some documentation 2011-05-24 00:02:32 +04:00
Update README 2011-07-13 16:59:55 +04:00			`This program helps to solve the issue by synchronizing users,`
			`groups and their memberships from LDAP to PostgreSQL.`
add some documentation 2011-07-13 23:14:04 +04:00			`Access to LDAP is used read-only. <tt>pg_ldap_sync</tt> issues proper`
Update README 2011-07-13 16:59:55 +04:00			`CREATE ROLE, DROP ROLE, GRANT and REVOKE commands to synchronize`
			`users and groups.`

update README 2011-05-24 15:54:53 +04:00			`It is meant to be started as a cron job.`
Sync roles works, sync membership not yet 2011-05-18 17:45:08 +04:00
Update README 2011-07-13 16:59:55 +04:00			`== FEATURES:`
Sync roles works, sync membership not yet 2011-05-18 17:45:08 +04:00
add some documentation 2011-05-24 00:02:32 +04:00			`* Configurable per YAML config file`
Update README 2011-07-13 16:59:55 +04:00			`* Can use Active Directory as LDAP-Server`
			`* Nested groups/roles supported`
add some documentation 2011-07-13 23:14:04 +04:00			`* Set scope of considered users/groups on LDAP and PG side`
update README 2011-05-24 15:54:53 +04:00			`* Runs with pg.gem (C-library) or postgres-pr.gem (pure Ruby)`
Update README 2011-07-13 16:59:55 +04:00			`* Test mode which doesn't do any changes to the DBMS`
add some documentation 2011-07-13 23:14:04 +04:00			`* Both LDAP and PG connections can be secured by SSL/TLS`
Sync roles works, sync membership not yet 2011-05-18 17:45:08 +04:00
			`== REQUIREMENTS:`

Remove possibility to use postgres-pr It is no longer maintained and doesn't work with current PostgreSQL versions. 2018-02-07 00:29:48 +03:00			`* Ruby-2.0+, JRuby-1.2, Rubinius-1.2 or better`
clarified requirements in README 2011-07-14 12:15:45 +04:00			`* LDAP-v3 server`
Remove possibility to use postgres-pr It is no longer maintained and doesn't work with current PostgreSQL versions. 2018-02-07 00:29:48 +03:00			`* PostgreSQL-server v9.0+`
Sync roles works, sync membership not yet 2011-05-18 17:45:08 +04:00
			`== INSTALL:`

Remove possibility to use postgres-pr It is no longer maintained and doesn't work with current PostgreSQL versions. 2018-02-07 00:29:48 +03:00			`Install Ruby:`
small README update 2011-05-24 16:03:30 +04:00			`* on Windows: http://rubyinstaller.org`
Remove possibility to use postgres-pr It is no longer maintained and doesn't work with current PostgreSQL versions. 2018-02-07 00:29:48 +03:00			`* on Debian/Ubuntu: <tt>apt-get install ruby libpq-dev</tt>`
add some documentation 2011-05-24 00:02:32 +04:00
Remove possibility to use postgres-pr It is no longer maintained and doesn't work with current PostgreSQL versions. 2018-02-07 00:29:48 +03:00			`Install pg-ldap-sync and required dependencies:`
			`gem install pg-ldap-sync`
add some documentation 2011-05-24 00:02:32 +04:00
Update README 2011-07-13 16:59:55 +04:00			`=== Install from Git:`
add some documentation 2011-05-24 00:02:32 +04:00			`git clone https://github.com/larskanis/pg-ldap-sync.git`
			`cd pg-ldap-sync`
Remove possibility to use postgres-pr It is no longer maintained and doesn't work with current PostgreSQL versions. 2018-02-07 00:29:48 +03:00			`bundle`
			`rake install`
add some documentation 2011-05-24 00:02:32 +04:00
Update README 2011-07-13 16:59:55 +04:00			`== USAGE:`

Add links to config files on github in README. 2014-03-06 17:16:25 +04:00			`Create a config file based on`
			`{config/sample-config.yaml}[https://github.com/larskanis/pg-ldap-sync/blob/master/config/sample-config.yaml]`
Update README.rdoc 2016-01-13 18:45:40 +03:00			`or even better`
Add links to config files on github in README. 2014-03-06 17:16:25 +04:00			`{config/sample-config2.yaml}[https://github.com/larskanis/pg-ldap-sync/blob/master/config/sample-config2.yaml]`

Update README 2011-07-13 16:59:55 +04:00			`Run in test-mode:`

			`pg_ldap_sync -c my_config.yaml -vv -t`

			`Run in modify-mode:`

			`pg_ldap_sync -c my_config.yaml -vv`


update README 2011-05-24 15:54:53 +04:00			`== TEST:`
			`There is a small test suite in the <tt>test</tt> directory that runs`
			`against an internal ruby-ldapserver and PostgreSQL server. Ensure gem`
			`<tt>ruby-ldapserver</tt> is installed and <tt>pg_ctl</tt>, <tt>initdb</tt> and <tt>psql</tt>`
			`commands are in the <tt>PATH</tt>. Then:`

			`cd pg-ldap-sync`
			`rake test`

Update README 2011-07-13 16:59:55 +04:00			`== ISSUES:`
			`* There is currently no way to set certain user attributes in PG`
			`based on individual attributes in LDAP (expiration date etc.)`

Sync roles works, sync membership not yet 2011-05-18 17:45:08 +04:00
Move from Hoe to Bundler This adds a gemspec and a Gemfile to the repository. 2018-02-06 23:56:53 +03:00			`== License`

			`The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).`