add some documentation
This commit is contained in:
Lars Kanis
parent
417f0d7c40
commit
585beeccc0
@ -4,16 +4,17 @@
|
||||
|
||||
== DESCRIPTION:
|
||||
|
||||
LDAP is often used to do a centralized user and role management
|
||||
LDAP is often used for a centralized user and role management
|
||||
in an enterprise environment. PostgreSQL offers different
|
||||
authentication methods, like LDAP, SSPI, GSSAPI or SSL.
|
||||
However, for any method the user must already exist in the database,
|
||||
before the authentication can be used. There is currently
|
||||
no authorization of database users directly based on LDAP.
|
||||
no direct authorization of database users on LDAP. So roles
|
||||
and memberships has to be administered twice.
|
||||
|
||||
This program helps to solve the issue by synchronizing users,
|
||||
groups and their memberships from LDAP to PostgreSQL.
|
||||
Access to LDAP is read-only. <tt>pg_ldap_sync</tt> issues proper
|
||||
Access to LDAP is used read-only. <tt>pg_ldap_sync</tt> issues proper
|
||||
CREATE ROLE, DROP ROLE, GRANT and REVOKE commands to synchronize
|
||||
users and groups.
|
||||
|
||||
@ -24,8 +25,10 @@ It is meant to be started as a cron job.
|
||||
* Configurable per YAML config file
|
||||
* Can use Active Directory as LDAP-Server
|
||||
* Nested groups/roles supported
|
||||
* Set scope of considered users/groups on LDAP and PG side
|
||||
* Runs with pg.gem (C-library) or postgres-pr.gem (pure Ruby)
|
||||
* Test mode which doesn't do any changes to the DBMS
|
||||
* Both LDAP and PG connections can be secured by SSL/TLS
|
||||
|
||||
== REQUIREMENTS:
|
||||
|
||||
|
||||
Reference in New Issue
Block a user