From 585beeccc0df0f4944260f8f647919e358888aa9 Mon Sep 17 00:00:00 2001 From: Lars Kanis Date: Wed, 13 Jul 2011 21:14:04 +0200 Subject: [PATCH] add some documentation --- README.rdoc | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/README.rdoc b/README.rdoc index 611aaad..f090750 100644 --- a/README.rdoc +++ b/README.rdoc @@ -4,16 +4,17 @@ == DESCRIPTION: -LDAP is often used to do a centralized user and role management +LDAP is often used for a centralized user and role management in an enterprise environment. PostgreSQL offers different authentication methods, like LDAP, SSPI, GSSAPI or SSL. However, for any method the user must already exist in the database, before the authentication can be used. There is currently -no authorization of database users directly based on LDAP. +no direct authorization of database users on LDAP. So roles +and memberships has to be administered twice. This program helps to solve the issue by synchronizing users, groups and their memberships from LDAP to PostgreSQL. -Access to LDAP is read-only. pg_ldap_sync issues proper +Access to LDAP is used read-only. pg_ldap_sync issues proper CREATE ROLE, DROP ROLE, GRANT and REVOKE commands to synchronize users and groups. @@ -24,8 +25,10 @@ It is meant to be started as a cron job. * Configurable per YAML config file * Can use Active Directory as LDAP-Server * Nested groups/roles supported +* Set scope of considered users/groups on LDAP and PG side * Runs with pg.gem (C-library) or postgres-pr.gem (pure Ruby) * Test mode which doesn't do any changes to the DBMS +* Both LDAP and PG connections can be secured by SSL/TLS == REQUIREMENTS: