pg_ldap_sync_sample_config.yaml

# Reference: https://github.com/larskanis/pg-ldap-sync/blob/master/config/sample-config.yaml

# Connection parameters to LDAP server
# This example uses the FADI ldap server created by default
ldap_connection:
  host: fadi-openldap
  port: 389
  auth:
    method: :simple
    username: CN=admin,DC=ldap,DC=cetic,DC=be
    password: password1

  # Search parameters for LDAP users which should be synchronized
ldap_users:
  base: DC=ldap,DC=cetic,DC=be
  # LDAP filter (according to RFC 2254)
  # defines to users in LDAP to be synchronized
  filter: (cn=*)
  # this attribute is used as PG role name
  name_attribute: cn
  # lowercase name for use as PG role name
  lowercase_name: true
ldap_groups:
    base: ou=Groups,dc=ldap,dc=cetic,dc=be
    filter: (|(cn=group1)(cn=group2)(cn=group3))
    # this attribute is used as PG role name
    name_attribute: cn
    # this attribute must reference to all member DN's of the given group
    member_attribute: member
# Connection parameters to PostgreSQL server
# see also: http://rubydoc.info/gems/pg/PG/Connection#initialize-instance_method
pg_connection:
  host:
  dbname: dbname-goes-here # the db name is usually "postgres"
  user: username-goes-here # the user name is usually "postgres"
  password: password-goes-here # kubectl get secret --namespace fadi <pod_name> -o jsonpath="{.data.postgresql-password}" | base64 --decode
pg_users:
  # Filter for identifying LDAP generated users in the database.
  # It's the WHERE-condition to "SELECT rolname, oid FROM pg_roles"
  filter: rolcanlogin AND NOT rolsuper
  # Options for CREATE RULE statements
  create_options: LOGIN
pg_groups:
  # Filter for identifying LDAP generated groups in the database.
  # It's the WHERE-condition to "SELECT rolname, oid FROM pg_roles"
  filter: NOT rolcanlogin AND NOT rolsuper
  # Options for CREATE RULE statements
  create_options: NOLOGIN
  grant_options: