From adab86a3f0537214ff6985afd3312cc9c394815a Mon Sep 17 00:00:00 2001
From: Lars Kanis
Date: Tue, 24 May 2011 08:06:08 +0200
Subject: [PATCH] add sample and schema yaml files
---
 config/sample-config.yaml | 45 ++++++++++++++++++++++++
 config/schema.yaml | 62 +++++++++++++++++++++++++++++++++
 lib/pg_ldap_sync/application.rb | 4 +--
 3 files changed, 109 insertions(+), 2 deletions(-)
 create mode 100644 config/sample-config.yaml
 create mode 100644 config/schema.yaml
diff --git a/config/sample-config.yaml b/config/sample-config.yaml
new file mode 100644
index 0000000..8f7879c
--- /dev/null
+++ b/config/sample-config.yaml
@@ -0,0 +1,45 @@
+
+# Connection parameters to LDAP server
+# see also: http://net-ldap.rubyforge.org/Net/LDAP.html#method-c-new
+ldap_connection:
+ host: localhost
+ port: 389
+ auth:
+ method: :simple
+ username: CN=username,OU=!Serviceaccounts,OU=company,DC=company,DC=de
+ password: secret
+
+# Search parameters for LDAP users which should be synchronized
+ldap_users:
+ base: OU=company,OU=company,DC=company,DC=de
+ filter: (&(objectClass=person)(objectClass=organizationalPerson)(givenName=*)(sn=*))
+ # this attribute is used as PG role name
+ name_attribute: sAMAccountName
+
+# Search parameters for LDAP groups which should be synchronized
+ldap_groups:
+ base: OU=company,OU=company,DC=company,DC=de
+ filter: (|(cn=cc.group1)(cn=group2)(cn=group3))
+ # this attribute is used as PG role name
+ name_attribute: cn
+ # this attribute must reference to all member DN's of the given group
+ member_attribute: member
+
+# Connection parameters to PostgreSQL server
+# see also: http://rubydoc.info/gems/pg/0.11.0/PGconn#initialize-instance_method
+pg_connection:
+ host:
+ dbname: postgres
+ user: db-username
+ password:
+
+pg_users:
+ # WHERE-condition to identify LDAP generated users
+ filter: rolcanlogin AND NOT rolsuper
+ create_options: LOGIN
+
+pg_groups:
+ # WHERE-condition to identify LDAP generated groups
+ filter: NOT rolcanlogin
+ create_options: NOLOGIN
+ grant_options:
diff --git a/config/schema.yaml b/config/schema.yaml
new file mode 100644
index 0000000..417053f
--- /dev/null
+++ b/config/schema.yaml
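Review bot: The ldap_connection block binds with `method: :simple` to port 389 and carries the bind password inline (`password: secret`), so the sample as written configures a cleartext simple bind with the credential stored in the file. I would add a comment next to `auth:` such as `# a simple bind sends the password unencrypted unless LDAPS (port 636) or STARTTLS is configured via net-ldap's encryption option` (exact option name to be checked against the linked docs), and a note at the top of the file that it holds credentials and must be readable only by the sync user (`# contains passwords - chmod 600`). The pg_users filter `rolcanlogin AND NOT rolsuper` also matches every non-superuser login role, not only roles this tool created; if the sync reconciles roles that have no LDAP counterpart, locally created roles would be treated as LDAP-generated, so the comment should warn to narrow the filter (e.g. by a naming convention) before use.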
@@ -0,0 +1,62 @@
+type: map
+mapping:
+ "ldap_connection":
+ type: any
+ required: yes
+
+ "ldap_users":
+ type: map
+ required: yes
+ mapping:
+ "base":
+ type: str
+ required: yes
+ "filter":
+ type: str
+ required: yes
+ "name_attribute":
+ type: str
+ required: yes
+
+ "ldap_groups":
+ type: map
+ required: yes
+ mapping:
+ "base":
+ type: str
+ required: yes
+ "filter":
+ type: str
+ required: yes
+ "name_attribute":
+ type: str
+ required: yes
+ "member_attribute":
+ type: str
+ required: yes
+
+ "pg_connection":
+ type: any
+ required: yes
+
+ "pg_users":
+ type: map
+ required: yes
+ mapping:
+ "filter":
+ type: str
+ required: yes
+ "create_options":
+ type: str
+
+ "pg_groups":
+ type: map
+ required: yes
+ mapping:
+ "filter":
+ type: str
+ required: yes
+ "create_options":
+ type: str
+ "grant_options":
+ type: str
diff --git a/lib/pg_ldap_sync/application.rb b/lib/pg_ldap_sync/application.rb
index 647a294..59c08bb 100644
--- a/lib/pg_ldap_sync/application.rb
+++ b/lib/pg_ldap_sync/application.rb
@@ -61,7 +61,7 @@ class Application
 name = entry[ldap_user_conf[:name_attribute]].first
 unless name
- log.warn "user attribute #{ldap_user_conf[:name_attribute].inspect} not found for #{entry.dn}"
+ log.warn "user attribute #{ldap_user_conf[:name_attribute].inspect} not defined for #{entry.dn}"
 next
 end
@@ -86,7 +86,7 @@ class Application
 name = entry[ldap_group_conf[:name_attribute]].first
 unless name
- log.warn "user attribute #{ldap_group_conf[:name_attribute].inspect} not found for #{entry.dn}"
+ log.warn "user attribute #{ldap_group_conf[:name_attribute].inspect} not defined for #{entry.dn}"
 next
 end
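Review bot: `ldap_connection` and `pg_connection` are declared `type: any`, so the schema accepts anything there, including a scalar or a misspelt key such as `encrytion:` that would silently leave the LDAP bind unencrypted, while every other section pins its keys. At minimum these two should be `type: map` with a `mapping:` listing the keys the sample config uses (`host`, `port`, `auth` and the PG connection fields), so unknown keys are rejected like they are elsewhere in the schema. The `filter` entries under `pg_users` and `pg_groups` are typed `str` but are described as WHERE conditions, which deserves a schema comment so nobody later wires them to an untrusted source: `# raw SQL fragment inserted into a WHERE clause - trusted config only`.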
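Review bot: The reworded warning in the second hunk still says `user attribute` although it reports `ldap_group_conf[:name_attribute]` for a group entry, so the log line misattributes the problem to the user search; the new line should read `log.warn "group attribute #{ldap_group_conf[:name_attribute].inspect} not defined for #{entry.dn}"`. The enclosing method starts and ends outside the hunk.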