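# Generator script for PostgreSQL's pg_ident.conf (user name maps).
#
# `info`, `header`, `out` and `has` are not defined in this file; they are
# expected to be supplied by the templating environment that runs the script.
#
# NOTE(review): the original indentation was lost on this page. The extent of
# the `else:` branch below is reconstructed (everything after the test-server
# branch is assumed to belong to it) -- confirm against the repository copy.

import re
import sys

# Ownership and permissions requested for the generated file.
info["owner"] = "postgres"
info["group"] = "postgres"
# 0o-prefixed octal has the same value as the old `0640` literal, which is a
# syntax error on Python 3; the 0o form is accepted by Python 2.6+ and 3.
info["mode"] = 0o640

sys.path.append('/usr/scripts')
import lc_ldap.shortcuts

conn = lc_ldap.shortcuts.lc_ldap_readonly()

comment_start = "#"

header("Gestion des acces ident pour les utilisateurs")

# Every uid read from LDAP ends up as the SYSTEM-USERNAME field of a map
# record. Fields are whitespace-separated, and a SYSTEM-USERNAME that starts
# with a slash is treated as a regular expression (see the header text emitted
# below), so a malformed directory value could change which system accounts
# are mapped to a database role. Only plain login names are accepted.
# NOTE(review): the allowed character set is an assumption about what valid
# logins look like here -- widen it if legitimate uids are rejected.
_SAFE_UID = re.compile(r'\A[A-Za-z0-9_][A-Za-z0-9_.-]*\Z')


def _checked_uid(uid):
    """Return `uid` as a string, or raise ValueError if it is not a plain login name."""
    name = str(uid)
    if not _SAFE_UID.match(name):
        # Fail the whole generation rather than emit a map file with a record
        # whose meaning differs from "this one account may connect".
        raise ValueError(
            "refusing to write unsafe uid into pg_ident.conf: %r" % (name,))
    return name


# Accounts holding the 'nounou' right, then those holding the 'apprenti' right.
adm_objects = conn.search(u'droits=nounou')
nounous = [_checked_uid(adm['uid'][0]) for adm in adm_objects]
apprentis_objects = conn.search(u'droits=apprenti')
apprentis = [_checked_uid(appr['uid'][0]) for appr in apprentis_objects]

# Stock explanatory header. The backslash is doubled so that the generated
# file contains the two characters `\1`; a single backslash followed by 1 in a
# non-raw Python string is an octal escape and would emit a control character.
out("""# PostgreSQL User Name Maps
# =========================
#
# Refer to the PostgreSQL documentation, chapter "Client
# Authentication" for a complete description. A short synopsis
# follows.
#
# This file controls PostgreSQL user name mapping. It maps external
# user names to their corresponding PostgreSQL user names. Records
# are of the form:
#
# MAPNAME SYSTEM-USERNAME PG-USERNAME
#
# (The uppercase quantities must be replaced by actual values.)
#
# MAPNAME is the (otherwise freely chosen) map name that was used in
# pg_hba.conf. SYSTEM-USERNAME is the detected user name of the
# client. PG-USERNAME is the requested PostgreSQL user name. The
# existence of a record specifies that SYSTEM-USERNAME may connect as
# PG-USERNAME.
#
# If SYSTEM-USERNAME starts with a slash (/), it will be treated as a
# regular expression. Optionally this can contain a capture (a
# parenthesized subexpression). The substring matching the capture
# will be substituted for \\1 (backslash-one) if present in
# PG-USERNAME.
#
# Multiple maps may be specified in this file and used by pg_hba.conf.
#
# No map names are defined in the default configuration. If all
# system user names and PostgreSQL user names are the same, you don't
# need anything in this file.
#
# This file is read on server startup and when the postmaster receives
# a SIGHUP signal. If you edit the file on a running system, you have
# to SIGHUP the postmaster for the changes to take effect. You can
# use "pg_ctl reload" to do that.

# Put your actual configuration here""")

if has("pgsql-server-test"):
    # Test server: only the intranet map, open to the web server account and
    # to every nounou and apprenti.
    out("""# MAPNAME SYSTEM-USERNAME PG-USERNAME
intranet www-data crans_ro
intranet www-data crans""")
    for nounou in nounous:
        out("intranet " + nounou + " crans")
    for apprenti in apprentis:
        out("intranet " + apprenti + " crans")
else:
    # Syslog
    out("""# MAPNAME SYSTEM-USERNAME PG-USERNAME
syslog postgres rsyslog
syslog root rsyslog""")
    # Then the nounous
    for nounou in nounous:
        out("syslog " + nounou + " crans")

    # Django database, read-write
    out("""
django www-data crans
django asterisk crans
django respbats crans
django root crans""")

    # Etherpad
    out("""
etherpad etherpad crans""")

    # mac_prises
    out("""
mac_prises root crans""")
    for nounou in nounous:
        out("mac_prises " + nounou + " crans")

    # Filtering
    out("""filtrage root crans""")

    # Sqlgrey
    out("""sqlgrey postgres sqlgrey""")

    # cluebringer
    out("""cluebringer www-data cluebringer
cluebringer cluebringer cluebringer""")

    # Webmail
    out("""webmail www-data roundcube""")

    # horde
    out("""horde www-data www-data""")

    # Mediadrop
    out("""mediadrop root mediadrop
mediadrop www-data mediadrop""")

    # Django database, read-only
    out("""
django_ro respbats crans_ro
django_ro freerad crans_ro
django_ro arpwatch crans_ro
django_ro munin crans_ro
django_ro asterisk crans_ro
django_ro www-data crans_ro
django_ro root crans_ro""")
    for nounou in nounous:
        out("django_ro " + nounou + " crans_ro")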