fruworg/pgls
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add config option :bothcase_name

Browse Source
This commit is contained in:
Lars Kanis 2022-01-17 14:48:49 +01:00
parent 8034957d28
commit d8ea157c66
6 changed files with 85 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config/sample-config2.yaml
View File

@ -25,6 +25,8 @@ ldap_users:
name_attribute: sAMAccountName
# lowercase name for use as PG role name
lowercase_name: true
# Add lowercase name *and* original name for use as PG role names (useful for migrating between case types)
bothcase_name: false
# Search parameters for LDAP groups which should be synchronized
ldap_groups:

6
config/schema.yaml
View File

@ -20,6 +20,9 @@ mapping:
"lowercase_name":
type: bool
required: no
"bothcase_name":
type: bool
required: no
"ldap_groups":
type: map
@ -37,6 +40,9 @@ mapping:
"lowercase_name":
type: bool
required: no
"bothcase_name":
type: bool
required: no
"member_attribute":
type: str
required: yes

32
lib/pg_ldap_sync/application.rb
View File

@ -61,11 +61,19 @@ class Application
log.warn "user attribute #{ldap_user_conf[:name_attribute].inspect} not defined for #{entry.dn}"
next
end
name.downcase! if ldap_user_conf[:lowercase_name]
log.info "found user-dn: #{entry.dn}"
user = LdapRole.new name, entry.dn
users << user
names = if ldap_user_conf[:bothcase_name]
[name, name.downcase].uniq
elsif ldap_user_conf[:lowercase_name]
[name.downcase]
else
[name]
end
names.each do |n|
users << LdapRole.new(n, entry.dn)
end
entry.each do |attribute, values|
log.debug " #{attribute}:"
values.each do |value|
@ -88,11 +96,19 @@ class Application
log.warn "user attribute #{ldap_group_conf[:name_attribute].inspect} not defined for #{entry.dn}"
next
end
name.downcase! if ldap_group_conf[:lowercase_name]
log.info "found group-dn: #{entry.dn}"
group = LdapRole.new name, entry.dn, entry[ldap_group_conf[:member_attribute]]
groups << group
names = if ldap_group_conf[:bothcase_name]
[name, name.downcase].uniq
elsif ldap_group_conf[:lowercase_name]
[name.downcase]
else
[name]
end
names.each do |n|
groups << LdapRole.new(n, entry.dn, entry[ldap_group_conf[:member_attribute]])
end
entry.each do |attribute, values|
log.debug " #{attribute}:"
values.each do |value|

34
test/fixtures/config-ldapdb-bothcase.yaml vendored Normal file
View File

@ -0,0 +1,34 @@
---
ldap_connection:
host: localhost
port: 1389
ldap_users:
base: dc=example,dc=com
filter: (sAMAccountName=*)
name_attribute: sAMAccountName
bothcase_name: true
ldap_groups:
base: dc=example,dc=com
filter: (member=*)
name_attribute: cn
bothcase_name: true
member_attribute: member
pg_connection:
dbname: postgres
host: localhost
port: 54321
# needed for postgres-pr:
# user: insert_your_username_here
# password:
pg_users:
filter: rolcanlogin AND NOT rolsuper AND rolname!='double_user'
create_options: LOGIN
pg_groups:
filter: NOT rolcanlogin
create_options: NOLOGIN
grant_options:

4
test/fixtures/ldapdb.yaml vendored
View File

@ -11,14 +11,14 @@ cn=Fred Flintstone,dc=example,dc=com:
sn:
- Flintstone
sAMAccountName:
- fred
- Fred
cn=Wilma Flintstone,dc=example,dc=com:
cn:
- Wilma Flintstone
mail:
- wilma@bedrock.org
sAMAccountName:
- wilma
- Wilma
cn=Flintstones,dc=example,dc=com:
cn:
- Flintstones

25
test/test_pg_ldap_sync.rb
View File

@ -83,7 +83,7 @@ class TestPgLdapSync < Minitest::Test
end
def setup
@pgconn.exec "DROP ROLE IF EXISTS fred, wilma, \"Flintstones\", \"Wilmas\", \"All Users\", double_user"
@pgconn.exec "DROP ROLE IF EXISTS \"Fred\", fred, \"Wilma\", wilma, \"Flintstones\", \"flintstones\", \"Wilmas\", \"wilmas\", \"All Users\", double_user"
end
def assert_role(role_name, attrs, member_of=[])
@ -130,12 +130,12 @@ class TestPgLdapSync < Minitest::Test
sync_with_config(config)
end
def sync_change
sync_to_fixture
def sync_change(fixture: "ldapdb", config: "config-ldapdb")
sync_to_fixture(fixture: fixture, config: config)
yield(@directory)
sync_with_config
sync_with_config(config)
exec_psql_du if $DEBUG
end
@ -153,8 +153,8 @@ class TestPgLdapSync < Minitest::Test
assert_role('All Users', 'Cannot login')
assert_role('Flintstones', 'Cannot login')
assert_role('Wilmas', 'Cannot login', ['All Users'])
assert_role('fred', '', ['All Users', 'Flintstones'])
assert_role('wilma', '', ['Flintstones', 'Wilmas'])
assert_role('Fred', '', ['All Users', 'Flintstones'])
assert_role('Wilma', '', ['Flintstones', 'Wilmas'])
end
def test_add_membership
@ -162,7 +162,15 @@ class TestPgLdapSync < Minitest::Test
# add 'Fred' to 'Wilmas'
@directory[0]['cn=Wilmas,dc=example,dc=com']['member'] << 'cn=Fred Flintstone,dc=example,dc=com'
end
assert_role('fred', '', ['All Users', 'Flintstones', 'Wilmas'])
assert_role('Fred', '', ['All Users', 'Flintstones', 'Wilmas'])
end
def test_add_membership_bothcase
sync_change(config: "config-ldapdb-bothcase") do |dir|
# add 'Fred' to 'Wilmas'
@directory[0]['cn=Wilmas,dc=example,dc=com']['member'] << 'cn=Fred Flintstone,dc=example,dc=com'
end
assert_role('fred', '', ['All Users', 'all users', 'Flintstones', 'flintstones', 'Wilmas', 'wilmas'])
end
def test_revoke_membership
@ -170,7 +178,7 @@ class TestPgLdapSync < Minitest::Test
# revoke membership of 'wilma' to 'Flintstones'
dir[0]['cn=Flintstones,dc=example,dc=com']['member'].pop
end
assert_role('wilma', '', ['Wilmas'])
assert_role('Wilma', '', ['Wilmas'])
end
def test_rename_role
@ -179,6 +187,7 @@ class TestPgLdapSync < Minitest::Test
dir[0]['cn=Wilma Flintstone,dc=example,dc=com']['sAMAccountName'] = ['Wilma Flintstone']
end
refute_role('wilma')
refute_role('Wilma')
assert_role('Wilma Flintstone', '', ['Flintstones', 'Wilmas'])
end