config/sample-config.yaml in pg-ldap-sync-0.4.0 vs config/sample-config.yaml in pg-ldap-sync-0.5.0
- old
+ new
@@ -3,17 +3,30 @@
# is considered as LDAP-synchronized.
# Connection parameters to LDAP server
# see also: http://net-ldap.rubyforge.org/Net/LDAP.html#method-c-new
ldap_connection:
- host: localhost
+ host: ldapserver
port: 389
auth:
method: :simple
username: CN=username,OU=!Serviceaccounts,OU=company,DC=company,DC=de
password: secret
+ # or GSSAPI / Kerberos authentication:
+ auth:
+ method: :gssapi
+ hostname: ldapserver.company.de
+ servicename: ldap # optional, defaults to "ldap"
+
+ # or GSS-SPNEGO / NTLM authentication
+ auth:
+ method: :gss_spnego
+ username: 'myuser'
+ password: 'secret'
+ domain: 'company.de' # optional
+
# Search parameters for LDAP users which should be synchronized
ldap_users:
base: OU=company,OU=company,DC=company,DC=de
# LDAP filter (according to RFC 2254)
# defines to users in LDAP to be synchronized
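Review bot: The two added `auth:` examples (`:gssapi` and `:gss_spnego`) appear to sit in the same `ldap_connection` mapping as the existing simple-bind `auth:`, so the sample now carries three `auth` keys. Most YAML loaders silently keep the last duplicate, so a user who fills in only the first block would end up binding with the `:gss_spnego` placeholder credentials instead. Indentation is not visible in this view, so confirm the nesting; if the keys are siblings, ship the alternatives commented out, e.g. `# auth:` / `#   method: :gssapi` / `#   hostname: ldapserver.company.de`, and likewise for the SPNEGO block. A leading comment such as `# Choose exactly one auth block; the bind password is stored in clear text, so restrict read access to this file` would make the intent explicit. The sample also still targets port 389 with no transport encryption shown, which matters for the simple bind; if the tool passes the option through to Net::LDAP, a commented `encryption:` example would be worth adding.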
@@ -49,6 +62,7 @@
# Filter for identifying LDAP generated groups in the database.
# It's the WHERE-condition to "SELECT rolname, oid FROM pg_roles"
filter: NOT rolcanlogin AND NOT rolsuper
# Options for CREATE RULE statements
create_options: NOLOGIN
+ # Options for GRANT <role> TO <group> statements
grant_options: