pgls/config/sample-config.yaml

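# Connection parameters to LDAP server
# see also: http://net-ldap.rubyforge.org/Net/LDAP.html#method-c-new
#
# Security notes:
# - A :simple bind over plain LDAP (port 389) puts the bind DN and password
#   on the wire unprotected. Net::LDAP.new documents an `encryption` option
#   (:simple_tls for LDAPS, usually port 636); whether this tool forwards
#   extra keys to it is not visible here - confirm before relying on it.
# - The bind password sits in this file in cleartext: keep the real config
#   out of version control, readable only by the account that runs the sync,
#   and bind with a dedicated read-only directory account.
ldap_connection:
  host: localhost
  port: 389
  auth:
    # Left unquoted on purpose: Ruby's YAML loader reads a plain :simple as
    # a Symbol, which is what Net::LDAP expects for the auth method.
    method: :simple
    username: 'CN=username,OU=!Serviceaccounts,OU=company,DC=company,DC=de'
    # Placeholder - replace with the service account's real password.
    password: secret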
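# Search parameters for LDAP users which should be synchronized
# Every entry matched by base + filter is synchronized as a PG role, so keep
# the search scope as narrow as the directory layout allows.
ldap_users:
  base: 'OU=company,OU=company,DC=company,DC=de'
  # LDAP filter (according to RFC 2254)
  # NOTE(review): this sample does not exclude disabled accounts. If the
  # directory is Active Directory (sAMAccountName suggests it), consider
  # adding (!(userAccountControl:1.2.840.113556.1.4.803:=2)) so disabled
  # users do not keep a database role.
  filter: '(&(objectClass=person)(objectClass=organizationalPerson)(givenName=*)(sn=*))'
  # this attribute is used as PG role name
  name_attribute: sAMAccountName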
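# Search parameters for LDAP groups which should be synchronized
# NOTE(review): membership of these groups presumably ends up as role
# membership in PostgreSQL, so whoever may edit them in the directory
# effectively controls database privileges - list only groups whose
# management is restricted accordingly.
ldap_groups:
  base: 'OU=company,OU=company,DC=company,DC=de'
  filter: '(|(cn=cc.group1)(cn=group2)(cn=group3))'
  # this attribute is used as PG role name
  name_attribute: cn
  # this attribute must reference the DNs of all members of the given group
  member_attribute: member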
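# Connection parameters to PostgreSQL server
# see also: http://rubydoc.info/gems/pg/0.11.0/PGconn#initialize-instance_method
#
# Security note: the sync issues CREATE ROLE statements, so this database
# user needs role-management rights. Prefer a dedicated account limited to
# that over a superuser - TODO confirm the exact privileges the tool needs.
pg_connection:
  # Empty value loads as nil; presumably the driver then uses its default
  # (local socket) connection - confirm.
  host:
  dbname: postgres
  user: db-username
  # Empty value loads as nil, i.e. no password is configured here. If one is
  # set, this file holds it in cleartext: restrict its permissions and keep
  # it out of version control.
  password: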
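pg_users:
  # Filter for identifying LDAP generated users in the database.
  # It's the WHERE-condition to "SELECT rolname, oid FROM pg_roles"
  #
  # Security notes:
  # - The text is used as SQL, so this file must be writable only by trusted
  #   administrators.
  # - This sample matches every non-superuser login role, including ones
  #   created by hand (e.g. application accounts). Matching roles that are
  #   missing from LDAP are presumably treated as stale by the sync - verify
  #   what the tool does with them and narrow the condition if needed.
  # - Keep "NOT rolsuper" so superuser roles stay outside the sync.
  filter: rolcanlogin AND NOT rolsuper
  # Options for CREATE ROLE statements
  create_options: LOGIN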
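pg_groups:
  # Filter for identifying LDAP generated groups in the database.
  # It's the WHERE-condition to "SELECT rolname, oid FROM pg_roles"
  #
  # Security notes:
  # - The text is used as SQL, so this file must be writable only by trusted
  #   administrators.
  # - This sample matches every role that cannot log in, including group
  #   roles created by hand and, on newer PostgreSQL versions, the predefined
  #   pg_* roles. Verify how the sync treats matching roles that have no
  #   LDAP counterpart and narrow the condition if needed.
  filter: NOT rolcanlogin
  # Options for CREATE ROLE statements
  create_options: NOLOGIN
  # NOTE(review): the listing lost its indentation; grant_options is placed
  # under pg_groups as the likeliest parent - confirm against the raw file.
  # Empty value loads as nil.
  grant_options: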