pg-ldap-sync 0.3.0 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0e6ea134d34a9ff15f8e16aacb27ee545ff22a23500097e7474256c666bc4eff
-  data.tar.gz: 32aedf90f32b328497bee8df9d01943b073a6faaf6f3f4c0336b2e90f0d779cc
+  metadata.gz: a08af19305647e9c74adbf8d4354f826d95eea24e3ac9d362e1f32df2e347f2e
+  data.tar.gz: b07f7ef2e6eee98529979b8b935dcf0d1a5b5e29535ba499824b36cfb71ebbca
 SHA512:
-  metadata.gz: 8ac395dee24a267cbab7c89ca277cb57f7bccfbdbff4f48ee6d9db2dc6f740c442df9127831658e6aa52fdbe708f853741f3b727061a7ae4c6814343ddecbc73
-  data.tar.gz: 14e0858af1c20fd488ba0ec9beb1bc5c71492e2f8904a97821612a09a2b5f4cf4def1e27631392cb4f1f88710f76564e74f9f5dd736ffd2dbf301b73725f057a
+  metadata.gz: ab386f3df54231fd962696446d38ce9cf2fa0bdef9bd383b9e9af72a96eb67527be1bb7ddf09133f80fd92a5e2868e5d07269a87bf0b45d648c732b5ae643017
+  data.tar.gz: 05631b8dea00b093943017f425cb82dd64edb2323afda113bafee01235368c1526f2386236de84979654c2c495c102ff1e7f441a1538199581730772d5845721

data/.github/workflows/ci.yml

@@ -0,0 +1,81 @@
+name: CI
+
+on: [push, pull_request]
+
+jobs:
+  job_test_gem:
+    name: Test built gem
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - os: windows
+            ruby: "head"
+            PGVERSION: 15.1-1-windows-x64
+            PGVER: "15"
+          - os: windows
+            ruby: "2.4"
+            PGVERSION: 9.4.26-1-windows-x64
+            PGVER: "9.4"
+          - os: ubuntu
+            ruby: "head"
+            PGVER: "15"
+          - os: ubuntu
+            os_ver: "20.04"
+            ruby: "2.3"
+            PGVER: "9.3"
+          - os: macos
+            ruby: "head"
+            PGVERSION: 15.1-1-osx
+            PGVER: "15"
+
+    runs-on: ${{ matrix.os }}-${{ matrix.os_ver || 'latest' }}
+    env:
+      PGVERSION: ${{ matrix.PGVERSION }}
+      PGVER: ${{ matrix.PGVER }}
+
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+
+      - name: Download PostgreSQL Windows
+        if: matrix.os == 'windows'
+        run: |
+          Add-Type -AssemblyName System.IO.Compression.FileSystem
+          function Unzip {
+              param([string]$zipfile, [string]$outpath)
+              [System.IO.Compression.ZipFile]::ExtractToDirectory($zipfile, $outpath)
+          }
+
+          $(new-object net.webclient).DownloadFile("http://get.enterprisedb.com/postgresql/postgresql-$env:PGVERSION-binaries.zip", "postgresql-binaries.zip")
+          Unzip "postgresql-binaries.zip" "."
+          echo "$pwd/pgsql/bin"  | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
+          echo "PGUSER=$env:USERNAME"  | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
+          echo "PGPASSWORD="  | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
+          md temp
+          icacls temp /grant "Everyone:(OI)(CI)F" /T
+
+      - name: Download PostgreSQL Ubuntu
+        if: matrix.os == 'ubuntu'
+        run: |
+          echo "deb http://apt.postgresql.org/pub/repos/apt/ $(lsb_release -cs)-pgdg main $PGVER" | sudo tee -a /etc/apt/sources.list.d/pgdg.list
+          wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
+          sudo apt-get -y update
+          sudo apt-get -y --allow-downgrades install postgresql-$PGVER libpq5=$PGVER* libpq-dev=$PGVER*
+          echo /usr/lib/postgresql/$PGVER/bin >> $GITHUB_PATH
+
+      - name: Download PostgreSQL Macos
+        if: matrix.os == 'macos'
+        run: |
+          wget https://get.enterprisedb.com/postgresql/postgresql-$PGVERSION-binaries.zip && \
+          sudo mkdir -p /Library/PostgreSQL && \
+          sudo unzip postgresql-$PGVERSION-binaries.zip -d /Library/PostgreSQL/$PGVER && \
+          echo /Library/PostgreSQL/$PGVER/bin >> $GITHUB_PATH
+
+      - run: bundle install
+
+      - name: Run specs
+        run: bundle exec rake test

data/CHANGELOG.md

@@ -1,3 +1,18 @@
+## 0.5.0 / 2023-08-24
+
+* Add Kerberos and NTLM authentication support
+* Fix retrieval of groups with over 1500 users in Active Directory server. #45
+
+
+## 0.4.0 / 2022-12-02
+
+* Support groups with over 1500 users in Active Directory server. #32
+* Retrieve only necessary attributes from LDAP server.
+* Add error text to exception, so that it's visible even if nothing is logged.
+* Fix compatibility with PostgreSQL-15
+* Require ruby-2.3+
+
+
 ## 0.3.0 / 2022-01-18
 
 * Add config option :bothcase_name .

data/Gemfile

@@ -2,3 +2,7 @@ source "https://rubygems.org"
 
 # Specify your gem's dependencies in pg_ldap_sync.gemspec
 gemspec
+
+group :development do
+  gem "debug"
+end

data/README.md

@@ -20,16 +20,18 @@ It is meant to be started as a cron job.
 
 ## FEATURES:
 
+* User+group creation, deletion and changes in memberships are synchronized from LDAP to PostgreSQL
+* Nested groups/roles supported
 * Configurable per YAML config file
 * Can use Active Directory as LDAP-Server
-* Nested groups/roles supported
 * Set scope of considered users/groups on LDAP and PG side
 * Test mode which doesn't do any changes to the DBMS
 * Both LDAP and PG connections can be secured by SSL/TLS
+* NTLM and Kerberos authentication to LDAP server
 
 ## REQUIREMENTS:
 
-* Ruby-2.0+, JRuby-1.2+
+* Ruby-2.0+
 * LDAP-v3 server
 * PostgreSQL-server v9.0+
 
@@ -70,6 +72,11 @@ Run in modify-mode:
   pg_ldap_sync -c my_config.yaml -vv
 ```
 
+It is recommended to avoid granting permissions to synchronized users on the PostgreSQL server, but to grant permissions to groups instead.
+This is because `DROP USER` statements invoked when a user leaves otherwise fail due to depending objects.
+`DROP GROUP` equally fails if there are depending objects, but groups are typically more stable and removed rarely.
+
+
 ## TEST:
 There is a small test suite in the `test` directory that runs against an internal LDAP server and a PostgreSQL server. Ensure `pg_ctl`, `initdb` and `psql` commands are in the `PATH` like so:
 ```sh

data/Rakefile

@@ -2,6 +2,8 @@
 require "bundler/gem_tasks"
 require "rake/testtask"
 
+CLEAN.include "temp"
+
 Rake::TestTask.new(:test) do |t|
   t.libs << "test"
   t.libs << "lib"

data/config/sample-config.yaml

@@ -5,13 +5,26 @@
 # Connection parameters to LDAP server
 # see also: http://net-ldap.rubyforge.org/Net/LDAP.html#method-c-new
 ldap_connection:
-  host: localhost
+  host: ldapserver
   port: 389
   auth:
     method: :simple
     username: CN=username,OU=!Serviceaccounts,OU=company,DC=company,DC=de
     password: secret
 
+  # or GSSAPI / Kerberos authentication:
+  auth:
+    method: :gssapi
+    hostname: ldapserver.company.de
+    servicename: ldap # optional, defaults to "ldap"
+
+  # or GSS-SPNEGO / NTLM authentication
+  auth:
+    method: :gss_spnego
+    username: 'myuser'
+    password: 'secret'
+    domain: 'company.de' # optional
+
 # Search parameters for LDAP users which should be synchronized
 ldap_users:
   base: OU=company,OU=company,DC=company,DC=de
@@ -51,4 +64,5 @@ pg_groups:
   filter: NOT rolcanlogin AND NOT rolsuper
   # Options for CREATE RULE statements
   create_options: NOLOGIN
+  # Options for GRANT <role> TO <group> statements
   grant_options:

data/config/sample-config2.yaml

@@ -1,7 +1,12 @@
 # With this sample config the distinction between LDAP-synchronized
-# groups/users from is done by the membership to ldap_user and
-# ldap_group. These two roles has to be defined manally before
-# pg_ldap_sync can run.
+# groups/users from manually created PostgreSQL users is done by the
+# membership in ldap_user and ldap_group.
+# These two roles have to be defined manally before pg_ldap_sync can
+# run and all synchronized users/groups will become member of them
+# later on:
+#     CREATE GROUP ldap_groups;
+#     CREATE USER ldap_users;
+#
 
 # Connection parameters to LDAP server
 # see also: http://net-ldap.rubyforge.org/Net/LDAP.html#method-c-new
@@ -60,4 +65,5 @@ pg_groups:
   filter: oid IN (SELECT pam.member FROM pg_auth_members pam JOIN pg_roles pr ON pr.oid=pam.roleid WHERE pr.rolname='ldap_groups')
   # Options for CREATE RULE statements
   create_options: NOLOGIN IN ROLE ldap_groups
+  # Options for GRANT <role> TO <group> statements
   grant_options:

data/lib/pg_ldap_sync/application.rb

@@ -52,13 +52,18 @@ class Application
 
   def search_ldap_users
     ldap_user_conf = @config[:ldap_users]
+    name_attribute = ldap_user_conf[:name_attribute]
 
     users = []
-    res = @ldap.search(:base => ldap_user_conf[:base], :filter => ldap_user_conf[:filter]) do |entry|
-      name = entry[ldap_user_conf[:name_attribute]].first
+    res = @ldap.search(
+          base: ldap_user_conf[:base],
+          filter: ldap_user_conf[:filter],
+          attributes: [name_attribute, :dn]
+    ) do |entry|
+      name = entry[name_attribute].first
 
       unless name
-        log.warn "user attribute #{ldap_user_conf[:name_attribute].inspect} not defined for #{entry.dn}"
+        log.warn "user attribute #{name_attribute.inspect} not defined for #{entry.dn}"
         next
       end
       log.info "found user-dn: #{entry.dn}"
@@ -85,17 +90,56 @@ class Application
     return users
   end
 
+  def retrieve_array_attribute(entry, attribute_name)
+    array = entry[attribute_name]
+    if array.empty?
+      # Possibly an attribute, which must be retrieved in several ranges
+
+      ranged_attr = entry.attribute_names.find { |n| n =~ /\A#{Regexp.escape(attribute_name)};range=/ }
+      if ranged_attr
+        entry_dn = entry.dn
+
+        loop do
+          array += entry[ranged_attr]
+          log.debug "retrieved attribute range #{ranged_attr.inspect} of dn #{entry_dn}"
+
+          if ranged_attr =~ /;range=\d+\-\*\z/
+            break
+          end
+
+          attribute_with_range = ranged_attr.to_s.gsub(/;range=.*/, ";range=#{array.size}-*")
+          entry = @ldap.search(
+            base: entry_dn,
+            scope: Net::LDAP::SearchScope_BaseObject,
+            attributes: attribute_with_range).first
+
+          ranged_attr = entry.attribute_names.find { |n| n =~ /\A#{Regexp.escape(attribute_name)};range=/ }
+        end
+      end
+    else
+      # Values already received -> No ranged attribute
+    end
+    return array
+  end
+
   def search_ldap_groups
     ldap_group_conf = @config[:ldap_groups]
+    name_attribute = ldap_group_conf[:name_attribute]
+    member_attribute = ldap_group_conf[:member_attribute]
 
     groups = []
-    res = @ldap.search(:base => ldap_group_conf[:base], :filter => ldap_group_conf[:filter]) do |entry|
-      name = entry[ldap_group_conf[:name_attribute]].first
+    res = @ldap.search(
+          base: ldap_group_conf[:base],
+          filter: ldap_group_conf[:filter],
+          attributes: [name_attribute, member_attribute, :dn]
+    ) do |entry|
+      name = entry[name_attribute].first
 
       unless name
-        log.warn "user attribute #{ldap_group_conf[:name_attribute].inspect} not defined for #{entry.dn}"
+        log.warn "user attribute #{name_attribute.inspect} not defined for #{entry.dn}"
         next
       end
+
       log.info "found group-dn: #{entry.dn}"
 
       names = if ldap_group_conf[:bothcase_name]
@@ -107,7 +151,8 @@ class Application
       end
 
       names.each do |n|
-        groups << LdapRole.new(n, entry.dn, entry[ldap_group_conf[:member_attribute]])
+        group_members = retrieve_array_attribute(entry, member_attribute)
+        groups << LdapRole.new(n, entry.dn, group_members)
       end
       entry.each do |attribute, values|
         log.debug "   #{attribute}:"
@@ -123,7 +168,7 @@ class Application
   PgRole = Struct.new :name, :member_names
 
   # List of default roles taken from https://www.postgresql.org/docs/current/predefined-roles.html
-  PG_BUILTIN_ROLES = %w[ pg_read_all_data pg_write_all_data pg_read_all_settings pg_read_all_stats pg_stat_scan_tables pg_monitor pg_database_owner pg_signal_backend pg_read_server_files pg_write_server_files pg_execute_server_program ]
+  PG_BUILTIN_ROLES = %w[ pg_read_all_data pg_write_all_data pg_read_all_settings pg_read_all_stats pg_stat_scan_tables pg_monitor pg_database_owner pg_signal_backend pg_read_server_files pg_write_server_files pg_execute_server_program pg_checkpoint]
 
   def search_pg_users
     pg_users_conf = @config[:pg_users]
@@ -316,8 +361,26 @@ class Application
   def start!
     read_config_file(@config_fname)
 
+    ldap_conf = @config[:ldap_connection]
+    auth_meth = ldap_conf.dig(:auth, :method).to_s
+    if auth_meth == "gssapi"
+      begin
+        require 'net/ldap/auth_adapter/gssapi'
+      rescue LoadError => err
+        raise "#{err}\nTo use GSSAPI authentication please run:\n  gem install net-ldap-auth_adapter-gssapi"
+      end
+    elsif auth_meth == "gss_spnego"
+      begin
+        require 'net-ldap-gss-spnego'
+        # This doesn't work since this file is defined in net-ldap as a placeholder:
+        #   require 'net/ldap/auth_adapter/gss_spnego'
+      rescue LoadError => err
+        raise "#{err}\nTo use GSSAPI authentication please run:\n  gem install net-ldap-gss-spnego"
+      end
+    end
+
     # gather LDAP users and groups
-    @ldap = Net::LDAP.new @config[:ldap_connection]
+    @ldap = Net::LDAP.new ldap_conf
     ldap_users = uniq_names search_ldap_users
     ldap_groups = uniq_names search_ldap_groups
 
@@ -348,14 +411,14 @@ class Application
 
     # Determine exitcode
     if log.had_errors?
-      raise ErrorExit, 1
+      raise ErrorExit.new(1, log.first_error)
     end
   end
 
   def self.run(argv)
     s = self.new
     s.config_fname = '/etc/pg_ldap_sync.yaml'
-    s.log = Logger.new($stdout, @error_counters)
+    s.log = Logger.new($stdout)
     s.log.level = Logger::ERROR
 
     OptionParser.new do |opts|

data/lib/pg_ldap_sync/compat.rb

@@ -0,0 +1,10 @@
+#!/usr/bin/env ruby
+
+class Hash
+  # transform_keys was added in ruby-2.5
+  def transform_keys
+    map do |k, v|
+      [yield(k), v]
+    end.to_h
+  end unless method_defined? :transform_keys
+end

data/lib/pg_ldap_sync/logger.rb

@@ -2,23 +2,27 @@ require 'logger'
 
 module PgLdapSync
 class Logger < ::Logger
-  def initialize(io, counters)
+  def initialize(io)
     super(io)
     @counters = {}
   end
 
-  def add(severity, *args)
-    @counters[severity] ||= 0
-    @counters[severity] += 1
+  def add(severity, *args, &block)
     super
+    return unless [Logger::FATAL, Logger::ERROR].include?(severity)
+    @counters[severity] ||= block ? block.call : args.first
   end
 
   def had_logged?(severity)
-    @counters[severity] && @counters[severity] > 0
+    !!@counters[severity]
   end
 
   def had_errors?
     had_logged?(Logger::FATAL) || had_logged?(Logger::ERROR)
   end
+
+  def first_error
+    @counters[Logger::FATAL] || @counters[Logger::ERROR]
+  end
 end
 end

data/lib/pg_ldap_sync/version.rb

@@ -1,3 +1,3 @@
 module PgLdapSync
-  VERSION = "0.3.0"
+  VERSION = "0.5.0"
 end

data/lib/pg_ldap_sync.rb

@@ -1,4 +1,5 @@
 require "pg_ldap_sync/application"
+require "pg_ldap_sync/compat"
 require "pg_ldap_sync/version"
 
 module PgLdapSync
@@ -8,7 +9,8 @@ module PgLdapSync
   class ApplicationExit < RuntimeError
     attr_reader :exitcode
 
-    def initialize(exitcode)
+    def initialize(exitcode, error=nil)
+      super(error)
       @exitcode = exitcode
     end
   end

data/pg-ldap-sync.gemspec

@@ -19,12 +19,12 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
   spec.rdoc_options = %w[--main README.md --charset=UTF-8]
-  spec.required_ruby_version = ">= 2.4"
+  spec.required_ruby_version = ">= 2.3"
 
   spec.add_runtime_dependency "net-ldap", "~> 0.16"
   spec.add_runtime_dependency "kwalify", "~> 0.7"
   spec.add_runtime_dependency "pg", ">= 0.14", "< 2.0"
-  spec.add_development_dependency "ruby-ldapserver", "~> 0.3"
+  spec.add_development_dependency "ruby-ldapserver", "~> 0.7"
   spec.add_development_dependency "minitest", "~> 5.0"
   spec.add_development_dependency "bundler", ">= 1.16", "< 3.0"
   spec.add_development_dependency "rake", "~> 13.0"

metadata

@@ -1,35 +1,39 @@
 --- !ruby/object:Gem::Specification
 name: pg-ldap-sync
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.5.0
 platform: ruby
 authors:
 - Lars Kanis
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain:
 - |
   -----BEGIN CERTIFICATE-----
-  MIIDLjCCAhagAwIBAgIBCTANBgkqhkiG9w0BAQsFADA9MQ4wDAYDVQQDDAVrYW5p
-  czEXMBUGCgmSJomT8ixkARkWB2NvbWNhcmQxEjAQBgoJkiaJk/IsZAEZFgJkZTAe
-  Fw0yMTA0MDcxMzQzNTZaFw0yMjA0MDcxMzQzNTZaMD0xDjAMBgNVBAMMBWthbmlz
-  MRcwFQYKCZImiZPyLGQBGRYHY29tY2FyZDESMBAGCgmSJomT8ixkARkWAmRlMIIB
-  IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApop+rNmg35bzRugZ21VMGqI6
-  HGzPLO4VHYncWn/xmgPU/ZMcZdfj6MzIaZJ/czXyt4eHpBk1r8QOV3gBXnRXEjVW
-  9xi+EdVOkTV2/AVFKThcbTAQGiF/bT1n2M+B1GTybRzMg6hyhOJeGPqIhLfJEpxn
-  lJi4+ENAVT4MpqHEAGB8yFoPC0GqiOHQsdHxQV3P3c2OZqG+yJey74QtwA2tLcLn
-  Q53c63+VLGsOjODl1yPn/2ejyq8qWu6ahfTxiIlSar2UbwtaQGBDFdb2CXgEufXT
-  L7oaPxlmj+Q2oLOfOnInd2Oxop59HoJCQPsg8f921J43NCQGA8VHK6paxIRDLQID
-  AQABozkwNzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAdBgNVHQ4EFgQUvgTdT7fe
-  x17ugO3IOsjEJwW7KP4wDQYJKoZIhvcNAQELBQADggEBAGCQhS4TBqUG1bSY5gw5
-  emj2GNePHFNlXTZ/W0/7FlnXQz/LyBZeYmy4AIHcdY0w9xsu3bPNGk8kLBkHgK3Y
-  l/yWiUK0NYRI3K3yI2EoTfrHPDT8XIgBPeUUGv5Nje+SUYMQWsfYWKo3+vLEG64a
-  n1xP+1+g2Za39WCS5LwnDWMiIk47NnxR9yXErKd0Iau/Q/IarYsHFX6kWWmlMoln
-  W1lMomCcOJFwIPnsy6aqq7YfS0YcqyHjcvs1h5k3zPaIRWhoPlQivniMVMa3Txh+
-  NEF/4atY64rruzkyfxGEcrFFOHJIkWnWQjRGaiZdgULxf7ira2gEFvV/ZtamqJWF
-  c+I=
+  MIIEBDCCAmygAwIBAgIBAjANBgkqhkiG9w0BAQsFADAoMSYwJAYDVQQDDB1sYXJz
+  L0RDPWdyZWl6LXJlaW5zZG9yZi9EQz1kZTAeFw0yMzAyMTUxNzQxMTVaFw0yNDAy
+  MTUxNzQxMTVaMCgxJjAkBgNVBAMMHWxhcnMvREM9Z3JlaXotcmVpbnNkb3JmL0RD
+  PWRlMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAwum6Y1KznfpzXOT/
+  mZgJTBbxZuuZF49Fq3K0WA67YBzNlDv95qzSp7V/7Ek3NCcnT7G+2kSuhNo1FhdN
+  eSDO/moYebZNAcu3iqLsuzuULXPLuoU0GsMnVMqV9DZPh7cQHE5EBZ7hlzDBK7k/
+  8nBMvR0mHo77kIkapHc26UzVq/G0nKLfDsIHXVylto3PjzOumjG6GhmFN4r3cP6e
+  SDfl1FSeRYVpt4kmQULz/zdSaOH3AjAq7PM2Z91iGwQvoUXMANH2v89OWjQO/NHe
+  JMNDFsmHK/6Ji4Kk48Z3TyscHQnipAID5GhS1oD21/WePdj7GhmbF5gBzkV5uepd
+  eJQPgWGwrQW/Z2oPjRuJrRofzWfrMWqbOahj9uth6WSxhNexUtbjk6P8emmXOJi5
+  chQPnWX+N3Gj+jjYxqTFdwT7Mj3pv1VHa+aNUbqSPpvJeDyxRIuo9hvzDaBHb/Cg
+  9qRVcm8a96n4t7y2lrX1oookY6bkBaxWOMtWlqIprq8JZXM9AgMBAAGjOTA3MAkG
+  A1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQWBBQ4h1tIyvdUWtMI739xMzTR
+  7EfMFzANBgkqhkiG9w0BAQsFAAOCAYEAQAcuTARfiiVUVx5KURICfdTM2Kd7LhOn
+  qt3Vs4ANGvT226LEp3RnQ+kWGQYMRb3cw3LY2TNQRPlnZxE994mgjBscN4fbjXqO
+  T0JbVpeszRZa5k1goggbnWT7CO7yU7WcHh13DaSubY7HUpAJn2xz9w2stxQfN/EE
+  VMlnDJ1P7mUHAvpK8X9j9h7Xlc1niViT18MYwux8mboVTryrLr+clATUkkM3yBF0
+  RV+c34ReW5eXO9Tr6aKTxh/pFC9ggDT6jOxuJgSvG8HWJzVf4NDvMavIas4KYjiI
+  BU6CpWaG5NxicqL3BERi52U43HV08br+LNVpb7Rekgve/PJuSFnAR015bhSRXe5U
+  vBioD1qW2ZW9tXg8Ww2IfDaO5a1So5Xby51rhNlyo6ATj2NkuLWZUKPKHhAz0TKm
+  Dzx/gFSOrRoCt2mXNgrmcAfr386AfaMvCh7cXqdxZwmVo7ILZCYXck0pajvubsDd
+  NUIIFkVXvd1odFyK9LF1RFAtxn/iAmpx
   -----END CERTIFICATE-----
-date: 2022-01-18 00:00:00.000000000 Z
+date: 2023-08-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: net-ldap
@@ -85,14 +89,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.3'
+        version: '0.7'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.3'
+        version: '0.7'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
@@ -155,7 +159,7 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.4'
-description: 
+description:
 email:
 - lars@greiz-reinsdorf.de
 executables:
@@ -164,6 +168,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".autotest"
+- ".github/workflows/ci.yml"
 - ".gitignore"
 - ".travis.yml"
 - CHANGELOG.md
@@ -179,6 +184,7 @@ files:
 - exe/pg_ldap_sync
 - lib/pg_ldap_sync.rb
 - lib/pg_ldap_sync/application.rb
+- lib/pg_ldap_sync/compat.rb
 - lib/pg_ldap_sync/logger.rb
 - lib/pg_ldap_sync/version.rb
 - pg-ldap-sync.gemspec
@@ -186,7 +192,7 @@ homepage: https://github.com/larskanis/pg-ldap-sync
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options:
 - "--main"
 - README.md
@@ -197,15 +203,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.4'
+      version: '2.3'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.3
-signing_key: 
+rubygems_version: 3.4.6
+signing_key:
 specification_version: 4
 summary: Use LDAP permissions in PostgreSQL
 test_files: []