Comments (11)
The ldapsearch cmd from debug shows me these 2 users correctly
from ldap2pg.
test, groups, world, example, local.domain
dn: cn=test,cn=groups,l=world,o=example,dc=local,dc=domain
uniquemember: uid=test1,ou=user,l=world,o=example,dc=local,dc=domain
uniquemember: uid=test2,ou=user,l=world,o=example,dc=local,dc=domain
objectclass: top
objectclass: groupOfUniquenames
cn: test
from ldap2pg.
Hi @pc-dok. Please share the ldap2pg.yml rule.
from ldap2pg.
version: 6

postgres:
  roles_blacklist_query: [postgres, pg_*]

privileges:
  ### Define `ro` privilege group with read-only grants
  ro:
  - __connect__
  - __select_on_tables__
  - __select_on_sequences__
  - __usage_on_schemas__
  - __usage_on_types__

rules:
- description: "Setup static roles and grants."
  roles:
  - names:
    - PG01_dba
    options: NOLOGIN
  grant:
  - privilege: ro
    role: PG01_dba
- description: "Search LDAP to create readers, writers and owners."
  ldapsearch:
    base: cn=groups,l=world,o=example,dc=local,dc=domain
    filter: "
      (|
        (cn=PG01_dba)
      )
      "
  role:
    name: '{uniquemember.cn}'
    options: LOGIN
    parent: "{cn}"
from ldap2pg.
So am I right in thinking that when I have 2 members in this PG01_dba LDAP group, ldap2pg will create a role PG01_dba and also 2 more roles for my 2 users, or am I wrong?
from ldap2pg.
So am I right in thinking that when I have 2 members in this PG01_dba LDAP group, ldap2pg will create a role PG01_dba and also 2 more roles for my 2 users, or am I wrong?
Hmm, I guess you hit a weird behaviour. ldap2pg does not sub-search cn and tries to read it from the Distinguished Name. However, your Distinguished Name has uid. ldap2pg should trigger a sub-search to get each cn. This can be costly. Can you use {uniquemember.sAMAccountName}?
from ldap2pg.
version: 6

postgres:
  roles_blacklist_query: [postgres, pg_*]

privileges:
  # Define `ro` privilege group with read-only grants
  ro:
  - __connect__
  - __select_on_tables__
  - __select_on_sequences__
  - __usage_on_schemas__
  - __usage_on_types__

rules:
- description: "Setup static roles and grants."
  roles:
  - names:
    - PG01_dba
    options: NOLOGIN
  grant:
  - privilege: ro
    role: PG01_dba
- description: "Search LDAP to create readers, writers and owners."
  ldapsearch:
    base: cn=groups,l=world,o=example,dc=local,dc=domain
    filter: "
      (|
        (cn=PG01_dba)
      )
      "
  role:
    name: '{uniquemember.uid}'
    options: LOGIN
from ldap2pg.
so it works
from ldap2pg.
For all: that is an Oracle Universal Directory - OUD
from ldap2pg.
Ok. I think a better message would help. Something like Missing RDN cn from DN uid=...?
from ldap2pg.
Fixed in #642
from ldap2pg.
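The behaviour discussed in this thread, as an added Go example (not ldap2pg's own code): a `{uniquemember.<attr>}` field is read from the leading RDN of each member DN without a sub-search, so a DN that starts with `uid=` yields no `cn`. The helper names `firstRDN`, `rdnValue` and `expandMembers` are hypothetical, and the error text follows the wording suggested in the thread.

```go
package main

import (
	"fmt"
	"strings"
)

// firstRDN returns the leftmost RDN of dn, honouring backslash-escaped commas.
func firstRDN(dn string) string {
	for i := 0; i < len(dn); i++ {
		if dn[i] == '\\' {
			i++ // skip the escaped character
		} else if dn[i] == ',' {
			return dn[:i]
		}
	}
	return dn
}

// rdnValue (hypothetical helper) reads attr from the DN string alone, no sub-search.
func rdnValue(dn, attr string) (string, error) {
	k, v, ok := strings.Cut(firstRDN(dn), "=")
	if !ok || !strings.EqualFold(strings.TrimSpace(k), attr) {
		return "", fmt.Errorf("missing RDN %s from DN %s", attr, dn)
	}
	return strings.TrimSpace(v), nil
}

// expandMembers resolves a {uniquemember.<attr>}-style field for every member DN.
func expandMembers(members []string, attr string) ([]string, error) {
	names := make([]string, 0, len(members))
	for _, dn := range members {
		name, err := rdnValue(dn, attr)
		if err != nil {
			return nil, err
		}
		names = append(names, name)
	}
	return names, nil
}

func main() {
	// Member DNs copied from the group entry posted in this thread.
	members := []string{
		"uid=test1,ou=user,l=world,o=example,dc=local,dc=domain",
		"uid=test2,ou=user,l=world,o=example,dc=local,dc=domain",
	}
	fmt.Println(expandMembers(members, "cn"))  // error: the leading RDN is uid, not cn
	fmt.Println(expandMembers(members, "uid")) // [test1 test2] <nil>
}
```

Failing on the missing RDN, rather than silently producing no role, makes the attribute mismatch visible before any role is created or dropped.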