Gestion automatique des groupes pour ident via droits nounou

This commit is contained in:
Gabriel Detraz 2015-06-30 15:56:27 +02:00
parent cca497ef3b
commit 616e7d96eb
3 changed files with 126 additions and 0 deletions


@ -89,6 +89,11 @@ out("""# PostgreSQL Client Authentication Configuration File
# a SIGHUP signal. If you edit the file on a running system, you have
# to SIGHUP the postmaster for the changes to take effect. You can
# use "pg_ctl reload" to do that.
#Attention; do not REMOVE this line
# Database administrative login by Unix domain socket
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
host Syslog rsyslog 127.0.0.1/32 md5
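Review bot: The new comment `#Attention; do not REMOVE this line` does not say which line it protects or why, so a later editor of this generator cannot tell whether it means the `local all postgres peer` administrative rule under it or the header text above; name the line and the reason, e.g. (if it is the peer rule) `# Attention: do not remove the "local all postgres peer" rule below -- <REASON-GOES-HERE>`. The maps this commit generates into pg_ident.conf (`syslog`, `mac_prises`, `django_ro`, ...) only take effect where a pg_hba.conf rule names them with `map=<mapname>`; the added `host Syslog rsyslog 127.0.0.1/32 md5` rule does not, so unless rules outside this hunk reference them the maps are inert, and a one-line comment here pointing at where they are consumed would help. The enclosing `out("""...""")` call starts before this hunk.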


@ -0,0 +1,120 @@
info["owner"] = "postgres"
info["group"] = "postgres"
info["mode"] = 0640
import sys
sys.path.append('/usr/scripts')
import lc_ldap.shortcuts
conn = lc_ldap.shortcuts.lc_ldap_readonly()
comment_start = "#"
header("Gestion des acces ident pour les utilisateurs")
# Liste des nounous
adm_objects = conn.search(u'droits=nounou')
nounous = [adm['uid'][0] for adm in adm_objects]
out("""# PostgreSQL User Name Maps
# =========================
#
# Refer to the PostgreSQL documentation, chapter "Client
# Authentication" for a complete description. A short synopsis
# follows.
#
# This file controls PostgreSQL user name mapping. It maps external
# user names to their corresponding PostgreSQL user names. Records
# are of the form:
#
# MAPNAME SYSTEM-USERNAME PG-USERNAME
#
# (The uppercase quantities must be replaced by actual values.)
#
# MAPNAME is the (otherwise freely chosen) map name that was used in
# pg_hba.conf. SYSTEM-USERNAME is the detected user name of the
# client. PG-USERNAME is the requested PostgreSQL user name. The
# existence of a record specifies that SYSTEM-USERNAME may connect as
# PG-USERNAME.
#
# If SYSTEM-USERNAME starts with a slash (/), it will be treated as a
# regular expression. Optionally this can contain a capture (a
# parenthesized subexpression). The substring matching the capture
# will be substituted for 1 (backslash-one) if present in
# PG-USERNAME.
#
# Multiple maps may be specified in this file and used by pg_hba.conf.
#
# No map names are defined in the default configuration. If all
# system user names and PostgreSQL user names are the same, you don't
# need anything in this file.
#
# This file is read on server startup and when the postmaster receives
# a SIGHUP signal. If you edit the file on a running system, you have
# to SIGHUP the postmaster for the changes to take effect. You can
# use "pg_ctl reload" to do that.
# Put your actual configuration here""")
#Syslog
out("""# MAPNAME SYSTEM-USERNAME PG-USERNAME
syslog postgres rsyslog
syslog root rsyslog""")
#Ensuite les nounous
for nounou in nounous:
out("""syslog """ + str(nounou) + """ crans""")
#Db django rw
out("""
django www-data crans
django asterisk crans
django respbats crans
django root crans""")
# Etherpad
out("""
etherpad etherpad crans""")
# mac_prises
out("""
mac_prises root crans""")
for nounou in nounous:
out("""mac_prises """ + str(nounou) + """ crans""")
#Filtrage
out("""filtrage root crans""")
#Sqlgrey
out("""sqlgrey postgres sqlgrey""")
# cluebringer
out("""cluebringer www-data cluebringer
cluebringer cluebringer cluebringer""")
#Webmail
out("""webmail www-data roundcube""")
#horde
out("""horde www-data www-data""")
#Mediadrop
out("""mediadrop root mediadrop
mediadrop www-data mediadrop""")
#Db django ro
out("""
django_ro respbats crans_ro
django_ro freerad crans_ro
django_ro arpwatch crans_ro
django_ro munin crans_ro
django_ro asterisk crans_ro
django_ro www-data crans_ro""")
for nounou in nounous:
out("""django_ro """ + str(nounou) + """ crans""")
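Review bot: The LDAP `uid` values collected from `conn.search(u'droits=nounou')` are interpolated unvalidated into the map lines in the three `for nounou in nounous:` loops, and pg_ident.conf is whitespace-delimited with `#` opening a comment and a leading `/` turning the field into a regex, so a uid containing such characters would silently change which system users are mapped onto the `crans` role; under the Python 2 this file targets (`0640`, `u'...'` literals) a non-ASCII uid would additionally make `str(nounou)` raise mid-generation. I would deduplicate, sort and validate the list once where it is built and abort generation rather than write a partial map, as sketched below (the allowed character set should follow the site's uid policy). Separately, the last loop writes nounous under the `django_ro` map to `crans` while every other `django_ro` entry targets `crans_ro`; if that is deliberate it needs a comment such as `# nounous keep the rw role even through the ro map`, otherwise it is probably `crans_ro`. The `+1,120` header announces more lines than appear here, so the file may continue past the last line shown.
```python
# … unchanged: info[...] / sys.path / conn setup …
adm_objects = conn.search(u'droits=nounou')
# pg_ident.conf is whitespace-delimited, '#' starts a comment and a leading
# '/' turns the field into a regex: only a plain ASCII uid may reach a map line.
_UID_CHARS = set("abcdefghijklmnopqrstuvwxyz0123456789_-.")
nounous = sorted(set(adm['uid'][0] for adm in adm_objects))
bad = [u for u in nounous if not u or not all(c in _UID_CHARS for c in u)]
if bad:
    # fail closed: a mangled map line could hand the crans role to the wrong
    # system user, so do not write the file at all
    raise ValueError("refusing to generate pg_ident.conf, unexpected uid(s): %r" % bad)
# … unchanged: header text and static maps …
for nounou in nounous:
    out("syslog %s crans" % str(nounou))
```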