add sample and schema yaml files

2011-05-24 08:06:08 +02:00 · 2011-05-24 08:06:08 +02:00 · adab86a3f0
commit adab86a3f0
parent 5800f7cbc4
3 changed files with 109 additions and 2 deletions
--- a/config/sample-config.yaml
+++ b/config/sample-config.yaml
@ -0,0 +1,45 @@
+
+# Connection parameters to LDAP server
+# see also: http://net-ldap.rubyforge.org/Net/LDAP.html#method-c-new
+ldap_connection:
+  host: localhost
+  port: 389
+  auth:
+    method: :simple
+    username: CN=username,OU=!Serviceaccounts,OU=company,DC=company,DC=de
+    password: secret
+
+# Search parameters for LDAP users which should be synchronized
+ldap_users:
+  base: OU=company,OU=company,DC=company,DC=de
+  filter: (&(objectClass=person)(objectClass=organizationalPerson)(givenName=*)(sn=*))
+  # this attribute is used as PG role name
+  name_attribute: sAMAccountName
+
+# Search parameters for LDAP groups which should be synchronized
+ldap_groups:
+  base: OU=company,OU=company,DC=company,DC=de
+  filter: (|(cn=cc.group1)(cn=group2)(cn=group3))
+  # this attribute is used as PG role name
+  name_attribute: cn
+  # this attribute must reference to all member DN's of the given group
+  member_attribute: member
+
+# Connection parameters to PostgreSQL server
+# see also: http://rubydoc.info/gems/pg/0.11.0/PGconn#initialize-instance_method
+pg_connection:
+  host:
+  dbname: postgres
+  user: db-username
+  password:
+
+pg_users:
+  # WHERE-condition to identify LDAP generated users
+  filter: rolcanlogin AND NOT rolsuper
+  create_options: LOGIN
+
+pg_groups:
+  # WHERE-condition to identify LDAP generated groups
+  filter: NOT rolcanlogin
+  create_options: NOLOGIN
+  grant_options:
--- a/config/schema.yaml
+++ b/config/schema.yaml
@ -0,0 +1,62 @@
+type:       map
+mapping:
+  "ldap_connection":
+    type:      any
+    required:  yes
+
+  "ldap_users":
+    type: map
+    required: yes
+    mapping:
+      "base":
+        type: str
+        required:  yes
+      "filter":
+        type: str
+        required:  yes
+      "name_attribute":
+        type: str
+        required:  yes
+
+  "ldap_groups":
+    type: map
+    required: yes
+    mapping:
+      "base":
+        type: str
+        required:  yes
+      "filter":
+        type: str
+        required:  yes
+      "name_attribute":
+        type: str
+        required:  yes
+      "member_attribute":
+        type: str
+        required:  yes
+
+  "pg_connection":
+    type:      any
+    required:  yes
+
+  "pg_users":
+    type: map
+    required: yes
+    mapping:
+      "filter":
+        type: str
+        required:  yes
+      "create_options":
+        type: str
+
+  "pg_groups":
+    type: map
+    required: yes
+    mapping:
+      "filter":
+        type: str
+        required:  yes
+      "create_options":
+        type: str
+      "grant_options":
+        type: str
--- a/lib/pg_ldap_sync/application.rb
+++ b/lib/pg_ldap_sync/application.rb
@ -61,7 +61,7 @@ class Application
      name = entry[ldap_user_conf[:name_attribute]].first

      unless name
-        log.warn "user attribute #{ldap_user_conf[:name_attribute].inspect} not found for #{entry.dn}"
+        log.warn "user attribute #{ldap_user_conf[:name_attribute].inspect} not defined for #{entry.dn}"
        next
      end

@ -86,7 +86,7 @@ class Application
      name = entry[ldap_group_conf[:name_attribute]].first

      unless name
-        log.warn "user attribute #{ldap_group_conf[:name_attribute].inspect} not found for #{entry.dn}"
+        log.warn "user attribute #{ldap_group_conf[:name_attribute].inspect} not defined for #{entry.dn}"
        next
      end