config:
LDAP_server:
server: '10.210.17.116' # IP для подключения к Active Directory
port: 636 # Порт подключения к Active Directory
user: VARyumin@sberned # Пользователь от которого будут покдючатся к Active Directory
password: P@SSword # Пароль от которого будут покдючатся к Active Directory
base_DN: DC=sberned,DC=lc #
DB_sever:
server: '10.210.17.135' # IP PostgreSQL
port: '5432' # Port PostgreSQL
db_name: 'postgres' # Database PostgreSQL
user: 'postgres' # User Administrator PostgreSQL
password: 'PoStGrEsQL' # Password Administrator PostgreSQL
tech_user: # Технические учетки. По ним никаких изменений и правил не будут применяться
- postgres
- sgr
- css
Mapping: # Тут перечисляются РОЛИ. С какой группой в AD смапить. Какие гранты у этой роли.
read: # И флаг default в какую по умолчанию добавлять новых пользователей
group_bind: 'CN=read.prod.sgr,OU=PostgreSQL,OU=Linux Server,DC=sberned,DC=lc'
grant:
- SELECT
default: True
write:
group_bind: 'CN=write.prod.sgr,OU=PostgreSQL,OU=Linux Server,DC=sberned,DC=lc'
grant:
- SELECT
- INSERT
- UPDATE
- DELETE
usage: sync_to_ad.py [-h] [-f FILE] [-r RUN]
optional arguments:
-h, --help show this help message and exit
-f FILE, --file FILE Specify the configuration file. If you do not specify,
the default file will be used ./config.yml
-r RUN, --run RUN sync or analyz(DEFAULT). sync: WARNING! Will be
synchronized users with Active Directory analyz:
Analyzes user but NO CHANGES it produces!
sync_to_ad.py --run analyz
{'add': ['esgolovachev'], 'del': ['aanosova', 'haydarov']}
*/30 * * * * cd /home/varyumin/sync-user-from-ldap-to-postgresql && ./sync_to_ad.py --run sync
[2017-09-07 15:48:22,253] sync_to_ad.py[LINE:121]# INFO Role "read" in PostgreSQL find
[2017-09-07 15:48:22,256] sync_to_ad.py[LINE:129]# DEBUG GRANT CONNECT ON DATABASE prod_sgr TO read;
[2017-09-07 15:48:22,256] sync_to_ad.py[LINE:133]# DEBUG GRANT USAGE ON SCHEMA public TO read;
[2017-09-07 15:48:22,257] sync_to_ad.py[LINE:137]# DEBUG GRANT SELECT ON ALL TABLES IN SCHEMA public TO read;
[2017-09-07 15:48:22,264] sync_to_ad.py[LINE:129]# DEBUG GRANT CONNECT ON DATABASE testdb TO read;
[2017-09-07 15:48:22,266] sync_to_ad.py[LINE:121]# INFO Role "write" in PostgreSQL find
[2017-09-07 15:48:22,268] sync_to_ad.py[LINE:129]# DEBUG GRANT CONNECT ON DATABASE prod_sgr TO write;
[2017-09-07 15:48:22,269] sync_to_ad.py[LINE:133]# DEBUG GRANT USAGE ON SCHEMA public TO write;
[2017-09-07 15:48:22,270] sync_to_ad.py[LINE:137]# DEBUG GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO write;
[2017-09-07 15:48:22,275] sync_to_ad.py[LINE:129]# DEBUG GRANT CONNECT ON DATABASE testdb TO write;
[2017-09-07 15:48:22,288] sync_to_ad.py[LINE:152]# INFO DELETE User: []
[2017-09-07 15:48:22,288] sync_to_ad.py[LINE:153]# INFO ADD User: ['esgolovachev']
[2017-09-07 15:48:22,289] sync_to_ad.py[LINE:164]# DEBUG CREATE USER "esgolovachev" IN ROLE "read"