diff --git a/Bundler/ident-mapping.xml b/Bundler/ident-mapping.xml index eda8d23..587d88e 100644 --- a/Bundler/ident-mapping.xml +++ b/Bundler/ident-mapping.xml @@ -1,4 +1,5 @@ + diff --git a/Python/etc/postgresql/9.1/main/pg_hba.conf b/Python/etc/postgresql/9.1/main/pg_hba.conf index 8cd8d62..dd50d2e 100644 --- a/Python/etc/postgresql/9.1/main/pg_hba.conf +++ b/Python/etc/postgresql/9.1/main/pg_hba.conf @@ -89,6 +89,11 @@ out("""# PostgreSQL Client Authentication Configuration File # a SIGHUP signal. If you edit the file on a running system, you have # to SIGHUP the postmaster for the changes to take effect. You can # use "pg_ctl reload" to do that. + +#Attention; do not REMOVE this line +# Database administrative login by Unix domain socket +local all postgres peer + # TYPE DATABASE USER ADDRESS METHOD host Syslog rsyslog 127.0.0.1/32 md5 diff --git a/Python/etc/postgresql/9.1/main/pg_ident.conf b/Python/etc/postgresql/9.1/main/pg_ident.conf new file mode 100644 index 0000000..b308ff0 --- /dev/null +++ b/Python/etc/postgresql/9.1/main/pg_ident.conf 
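Review bot: The comment added above `local all postgres peer` says the line must not be removed but not why, and it does not record that pg_hba.conf is matched first-hit, so the rule only takes effect while it stays above any broader `local` entry. I would word it as `# Keep: peer login for the postgres OS user over the Unix socket (administrative access); must stay above any broader "local" rule`. Whether a broader rule exists is not visible in this hunk, and neither is whether any entry references the maps of the new pg_ident.conf through `map=`. Both are worth checking in the rest of the template, since a map that no pg_hba.conf line names is never consulted.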
@@ -0,0 +1,120 @@
+info["owner"] = "postgres"
+info["group"] = "postgres"
+info["mode"] = 0640
+
+
+import sys
+sys.path.append('/usr/scripts')
+import lc_ldap.shortcuts
+
+conn = lc_ldap.shortcuts.lc_ldap_readonly()
+
+comment_start = "#"
+header("Gestion des acces ident pour les utilisateurs")
+
+# Liste des nounous
+adm_objects = conn.search(u'droits=nounou')
+nounous = [adm['uid'][0] for adm in adm_objects]
+
+out("""# PostgreSQL User Name Maps
+# =========================
+#
+# Refer to the PostgreSQL documentation, chapter "Client
+# Authentication" for a complete description. A short synopsis
+# follows.
+#
+# This file controls PostgreSQL user name mapping. It maps external
+# user names to their corresponding PostgreSQL user names. Records
+# are of the form:
+#
+# MAPNAME SYSTEM-USERNAME PG-USERNAME
+#
+# (The uppercase quantities must be replaced by actual values.)
+#
+# MAPNAME is the (otherwise freely chosen) map name that was used in
+# pg_hba.conf. SYSTEM-USERNAME is the detected user name of the
+# client. PG-USERNAME is the requested PostgreSQL user name. The
+# existence of a record specifies that SYSTEM-USERNAME may connect as
+# PG-USERNAME.
+#
+# If SYSTEM-USERNAME starts with a slash (/), it will be treated as a
+# regular expression. Optionally this can contain a capture (a
+# parenthesized subexpression). The substring matching the capture
+# will be substituted for 1 (backslash-one) if present in
+# PG-USERNAME.
+#
+# Multiple maps may be specified in this file and used by pg_hba.conf.
+#
+# No map names are defined in the default configuration. If all
+# system user names and PostgreSQL user names are the same, you don't
+# need anything in this file.
+#
+# This file is read on server startup and when the postmaster receives
+# a SIGHUP signal. If you edit the file on a running system, you have
+# to SIGHUP the postmaster for the changes to take effect. You can
+# use "pg_ctl reload" to do that.
+
+# Put your actual configuration here""")
+
+#Syslog
+out("""# MAPNAME SYSTEM-USERNAME PG-USERNAME
+syslog postgres rsyslog
+syslog root rsyslog""")
+
+#Ensuite les nounous
+
+for nounou in nounous:
+ out("""syslog """ + str(nounou) + """ crans""")
+
+#Db django rw
+out("""
+django www-data crans
+django asterisk crans
+django respbats crans
+django root crans""")
+
+# Etherpad
+out("""
+etherpad etherpad crans""")
+
+
+# mac_prises
+out("""
+mac_prises root crans""")
+for nounou in nounous:
+ out("""mac_prises """ + str(nounou) + """ crans""")
+
+
+#Filtrage
+out("""filtrage root crans""")
+
+#Sqlgrey
+out("""sqlgrey postgres sqlgrey""")
+
+# cluebringer
+out("""cluebringer www-data cluebringer
+cluebringer cluebringer cluebringer""")
+
+#Webmail
+out("""webmail www-data roundcube""")
+
+#horde
+out("""horde www-data www-data""")
+
+#Mediadrop
+
+out("""mediadrop root mediadrop
+mediadrop www-data mediadrop""")
+
+#Db django ro
+out("""
+django_ro respbats crans_ro
+django_ro freerad crans_ro
+django_ro arpwatch crans_ro
+django_ro munin crans_ro
+django_ro asterisk crans_ro
+django_ro www-data crans_ro""")
+
+for nounou in nounous:
+ out("""django_ro """ + str(nounou) + """ crans""")
+
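Review bot: The last loop, under `#Db django ro`, writes each nounou into the `django_ro` map with the PG user `crans`, while every fixed entry of that map targets `crans_ro`; if this was copied from the `mac_prises` loop, the read-only map hands administrators the read-write role. Unless that is intended, the line should read `out("""django_ro """ + str(nounou) + """ crans_ro""")`. The `syslog` loop has the same shape (nounous mapped to `crans`, the fixed entries to `rsyslog`) and deserves the same check. Separately, `adm['uid'][0]` is written into the map unchecked, and the file's own header notes that a SYSTEM-USERNAME starting with `/` is read as a regular expression. I would skip any uid that does not match a strict pattern (for example `^[a-z][a-z0-9_-]*$`, adjusted to the site's uid policy) before emitting a line.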