Merge branch 'master' of https://github.com/larskanis/pg-ldap-sync

2023-07-26 15:08:50 +05:00
parent 7767d94768 5b994514c9
commit aae9d86f57
16 changed files with 241 additions and 30 deletions
--- a/config/sample-config.yaml
+++ b/config/sample-config.yaml
@ -5,13 +5,26 @@
 # Connection parameters to LDAP server
 # see also: http://net-ldap.rubyforge.org/Net/LDAP.html#method-c-new
 ldap_connection:
-  host: localhost
+  host: ldapserver
  port: 389
  auth:
    method: :simple
    username: CN=username,OU=!Serviceaccounts,OU=company,DC=company,DC=de
    password: secret

+  # or GSSAPI / Kerberos authentication:
+  auth:
+    method: :gssapi
+    hostname: ldapserver.company.de
+    servicename: ldap # optional, defaults to "ldap"
+
+  # or GSS-SPNEGO / NTLM authentication
+  auth:
+    method: :gss_spnego
+    username: 'myuser'
+    password: 'secret'
+    domain: 'company.de' # optional
+
 # Search parameters for LDAP users which should be synchronized
 ldap_users:
  base: OU=company,OU=company,DC=company,DC=de
@ -51,4 +64,5 @@ pg_groups:
  filter: NOT rolcanlogin AND NOT rolsuper
  # Options for CREATE RULE statements
  create_options: NOLOGIN
+  # Options for GRANT <role> TO <group> statements
  grant_options:
--- a/config/sample-config2.yaml
+++ b/config/sample-config2.yaml
@ -1,7 +1,12 @@
 # With this sample config the distinction between LDAP-synchronized
-# groups/users from is done by the membership to ldap_user and
-# ldap_group. These two roles have to be defined manally before
-# pg_ldap_sync can run.
+# groups/users from manually created PostgreSQL users is done by the
+# membership in ldap_user and ldap_group.
+# These two roles have to be defined manally before pg_ldap_sync can
+# run and all synchronized users/groups will become member of them
+# later on:
+#     CREATE GROUP ldap_groups;
+#     CREATE USER ldap_users;
+#

 # Connection parameters to LDAP server
 # see also: http://net-ldap.rubyforge.org/Net/LDAP.html#method-c-new
@ -67,4 +72,5 @@ pg_groups:
  filter: oid IN (SELECT pam.member FROM pg_auth_members pam JOIN pg_roles pr ON pr.oid=pam.roleid WHERE pr.rolname='ldap_groups')
  # Options for CREATE RULE statements
  create_options: NOLOGIN IN ROLE ldap_groups
+  # Options for GRANT <role> TO <group> statements
  grant_options: