pg-ldap-sync 0.5.0 → 0.5.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a08af19305647e9c74adbf8d4354f826d95eea24e3ac9d362e1f32df2e347f2e
-  data.tar.gz: b07f7ef2e6eee98529979b8b935dcf0d1a5b5e29535ba499824b36cfb71ebbca
+  metadata.gz: 0d2b110ac0eeff29e7a02739a4756afd30b38436b9c2387da186f0be4b0841d5
+  data.tar.gz: b371cb0096dfa5762d794f49ec955c30e55fee908e0b01861f9806e8c5d85e61
 SHA512:
-  metadata.gz: ab386f3df54231fd962696446d38ce9cf2fa0bdef9bd383b9e9af72a96eb67527be1bb7ddf09133f80fd92a5e2868e5d07269a87bf0b45d648c732b5ae643017
-  data.tar.gz: 05631b8dea00b093943017f425cb82dd64edb2323afda113bafee01235368c1526f2386236de84979654c2c495c102ff1e7f441a1538199581730772d5845721
+  metadata.gz: f0643dba267c51ceef5c3c5efbd3db17c7a63622573b6ae33d39d6fec254b80b160fe80b6f8179f16c581f11d74f3784873aec55914f7d6a765c4269ccc604ec
+  data.tar.gz: 438e1178f11d9b7ff848ec582172f5a21b3a6269ea763370aa31a74b5d5c6ed097ea6ba975d466ab1df54907374ff5f7350ed94ac701b28eeae2db129b187634

data/.github/workflows/ci.yml

@@ -1,6 +1,18 @@
 name: CI
 
-on: [push, pull_request]
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 1 2 * *" # At 01:00 on the second day of each month - https://crontab.guru/#0_1_2_*_*
+  push:
+    branches:
+      - master
+    tags:
+      - "*.*.*"
+  pull_request:
+    types: [opened, synchronize]
+    branches:
+      - "*"
 
 jobs:
   job_test_gem:
@@ -11,23 +23,23 @@ jobs:
         include:
           - os: windows
             ruby: "head"
-            PGVERSION: 15.1-1-windows-x64
-            PGVER: "15"
+            PGVERSION: 17.0-1-windows-x64
+            PGVER: "17"
           - os: windows
             ruby: "2.4"
             PGVERSION: 9.4.26-1-windows-x64
             PGVER: "9.4"
           - os: ubuntu
             ruby: "head"
-            PGVER: "15"
+            PGVER: "17"
           - os: ubuntu
-            os_ver: "20.04"
+            os_ver: "22.04"
             ruby: "2.3"
             PGVER: "9.3"
           - os: macos
             ruby: "head"
-            PGVERSION: 15.1-1-osx
-            PGVER: "15"
+            PGVERSION: 17.0-1-osx
+            PGVER: "17"
 
     runs-on: ${{ matrix.os }}-${{ matrix.os_ver || 'latest' }}
     env:
@@ -52,7 +64,7 @@ jobs:
 
           $(new-object net.webclient).DownloadFile("http://get.enterprisedb.com/postgresql/postgresql-$env:PGVERSION-binaries.zip", "postgresql-binaries.zip")
           Unzip "postgresql-binaries.zip" "."
-          echo "$pwd/pgsql/bin"  | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
+          echo "$env:RI_DEVKIT$env:MINGW_PREFIX/bin;$env:RI_DEVKIT/usr/bin;$pwd/pgsql/bin"  | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
           echo "PGUSER=$env:USERNAME"  | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
           echo "PGPASSWORD="  | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
           md temp
@@ -73,6 +85,7 @@ jobs:
           wget https://get.enterprisedb.com/postgresql/postgresql-$PGVERSION-binaries.zip && \
           sudo mkdir -p /Library/PostgreSQL && \
           sudo unzip postgresql-$PGVERSION-binaries.zip -d /Library/PostgreSQL/$PGVER && \
+          sudo mv /Library/PostgreSQL/$PGVER/pgsql/* /Library/PostgreSQL/$PGVER/ && \
           echo /Library/PostgreSQL/$PGVER/bin >> $GITHUB_PATH
 
       - run: bundle install

data/.standard.yml

@@ -0,0 +1 @@
+ruby_version: 2.3

data/CHANGELOG.md

@@ -1,6 +1,20 @@
+## 0.5.2 / 2025-09-01
+
+* Replace `kwalify` by `json-schema` to remove hundreds of warnings about keyword arguments in modern Ruby. #51
+* Allow ERb syntax in config file. #52
+  This can be used to insert password from environment variable like so: `password: <%= ENV["PASSWORD"] %>`
+* Update documentation.
+
+
+## 0.5.1 / 2025-03-22
+
+* Add dependent gems for compat with ruby-3.5
+* Add predefined roles for compat with PostgreSQL-16 and 17
+
+
 ## 0.5.0 / 2023-08-24
 
-* Add Kerberos and NTLM authentication support
+* Add Kerberos and NTLM authentication support to LDAP connection
 * Fix retrieval of groups with over 1500 users in Active Directory server. #45
 
 

data/README.md

@@ -1,8 +1,8 @@
 [![Build Status](https://app.travis-ci.com/larskanis/pg-ldap-sync.svg?branch=master)](https://app.travis-ci.com/larskanis/pg-ldap-sync) [![Build status](https://ci.appveyor.com/api/projects/status/09xn9q5p64jbxtka/branch/master?svg=true)](https://ci.appveyor.com/project/larskanis/pg-ldap-sync/branch/master)
 
-# Use LDAP permissions in PostgreSQL
+# Sync users and groups from LDAP to PostgreSQL
 
-* http://github.com/larskanis/pg-ldap-sync
+* https://github.com/larskanis/pg-ldap-sync
 
 ## DESCRIPTION:
 
@@ -27,7 +27,7 @@ It is meant to be started as a cron job.
 * Set scope of considered users/groups on LDAP and PG side
 * Test mode which doesn't do any changes to the DBMS
 * Both LDAP and PG connections can be secured by SSL/TLS
-* NTLM and Kerberos authentication to LDAP server
+* Password, NTLM and Kerberos authentication to LDAP server
 
 ## REQUIREMENTS:
 
@@ -37,23 +37,31 @@ It is meant to be started as a cron job.
 
 ## INSTALL:
 
+pg-ldap-sync is included in Ubuntu-22.04 and Debian-11 and newer.
+It can be installed by
+
+```sh
+sudo apt install ruby-pg-ldap-sync
+```
+
+### Install from source
+
 Install Ruby:
 
-* on Windows: http://rubyinstaller.org
-* on Debian/Ubuntu: `apt-get install ruby libpq-dev`
+* on Windows: https://rubyinstaller.org
+* on Debian/Ubuntu: `apt-get install ruby`
 
 Install pg-ldap-sync and required dependencies:
 ```sh
-  gem install pg-ldap-sync
+gem install pg-ldap-sync
 ```
 
 ### Install from Git:
 ```sh
-  git clone https://github.com/larskanis/pg-ldap-sync.git
-  cd pg-ldap-sync
-  gem install bundler
-  bundle install
-  bundle exec rake install
+git clone https://github.com/larskanis/pg-ldap-sync.git
+cd pg-ldap-sync
+bundle install
+bundle exec rake install
 ```
 
 ## USAGE:
@@ -65,11 +73,11 @@ or even better
 
 Run in test-mode:
 ```sh
-  pg_ldap_sync -c my_config.yaml -vv -t
+pg_ldap_sync -c my_config.yaml -vv -t
 ```
 Run in modify-mode:
 ```sh
-  pg_ldap_sync -c my_config.yaml -vv
+pg_ldap_sync -c my_config.yaml -vv
 ```
 
 It is recommended to avoid granting permissions to synchronized users on the PostgreSQL server, but to grant permissions to groups instead.
@@ -80,9 +88,9 @@ This is because `DROP USER` statements invoked when a user leaves otherwise fail
 ## TEST:
 There is a small test suite in the `test` directory that runs against an internal LDAP server and a PostgreSQL server. Ensure `pg_ctl`, `initdb` and `psql` commands are in the `PATH` like so:
 ```sh
-  cd pg-ldap-sync
-  bundle install
-  PATH=$PATH:/usr/lib/postgresql/10/bin/ bundle exec rake test
+cd pg-ldap-sync
+bundle install
+PATH=$PATH:/usr/lib/postgresql/10/bin/ bundle exec rake test
 ```
 
 ## ISSUES:

data/Rakefile

@@ -10,4 +10,4 @@ Rake::TestTask.new(:test) do |t|
   t.test_files = FileList["test/**/test_*.rb"]
 end
 
-task :gem => :build
+task gem: :build

data/appveyor.yml

@@ -1,4 +1,4 @@
-image: Visual Studio 2019
+image: Visual Studio 2022
 
 init:
   - set PATH=C:/Ruby%ruby_version%/bin;c:/Program Files/Git/cmd;c:/Windows/system32;C:/Windows/System32/WindowsPowerShell/v1.0
@@ -21,7 +21,8 @@ test_script:
 
 environment:
   matrix:
+    # ruby-3.3.6 currently fails installing stringio-3.1.5.gem
+    # - ruby_version: "33-x64"
+      # PGVER: 16
     - ruby_version: "27-x64"
-      PGVER: 13
-    - ruby_version: "24"
-      PGVER: 10
+      PGVER: 11

data/config/sample-config.yaml

@@ -3,7 +3,7 @@
 # is considered as LDAP-synchronized.
 
 # Connection parameters to LDAP server
-# see also: http://net-ldap.rubyforge.org/Net/LDAP.html#method-c-new
+# see also: https://www.rubydoc.info/gems/net-ldap/Net%2FLDAP:initialize
 ldap_connection:
   host: ldapserver
   port: 389
@@ -44,7 +44,7 @@ ldap_groups:
   member_attribute: member
 
 # Connection parameters to PostgreSQL server
-# see also: http://rubydoc.info/gems/pg/PG/Connection#initialize-instance_method
+# see also: https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS
 pg_connection:
   host:
   dbname: postgres

data/config/sample-config2.yaml

@@ -9,7 +9,7 @@
 #
 
 # Connection parameters to LDAP server
-# see also: http://net-ldap.rubyforge.org/Net/LDAP.html#method-c-new
+# see also: https://www.rubydoc.info/gems/net-ldap/Net%2FLDAP:initialize
 ldap_connection:
   host: ldapserver
   port: 636
@@ -45,7 +45,7 @@ ldap_groups:
   member_attribute: member
 
 # Connection parameters to PostgreSQL server
-# see also: http://rubydoc.info/gems/pg/PG/Connection#initialize-instance_method
+# see also: https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS
 pg_connection:
   host:
   dbname: postgres

data/config/schema.yaml

@@ -1,74 +1,78 @@
-type:       map
-mapping:
-  "ldap_connection":
-    type:      any
-    required:  yes
+"$schema": "http://json-schema.org/draft-04/schema#"
+"id": "https://github.com/larskanis/pg-ldap-sync/blob/-/config/schema.yaml"
+title: pg-ldap-sync config file
+type: object
+required:
+  - ldap_connection
+  - ldap_users
+  - ldap_groups
+  - pg_connection
+  - pg_users
+  - pg_groups
+properties:
+  ldap_connection:
+    type: object
 
-  "ldap_users":
-    type: map
-    required: yes
-    mapping:
-      "base":
-        type: str
-        required:  yes
-      "filter":
-        type: str
-        required:  yes
-      "name_attribute":
-        type: str
-        required:  yes
-      "lowercase_name":
-        type: bool
-        required:  no
-      "bothcase_name":
-        type: bool
-        required:  no
+  ldap_users:
+    type: object
+    required:
+      - base
+      - filter
+      - name_attribute
+    properties:
+      base:
+        type: string
+      filter:
+        type: string
+      name_attribute:
+        type: string
+      lowercase_name:
+        type: boolean
+      bothcase_name:
+        type: boolean
 
-  "ldap_groups":
-    type: map
-    required: yes
-    mapping:
-      "base":
-        type: str
-        required:  yes
-      "filter":
-        type: str
-        required:  yes
-      "name_attribute":
-        type: str
-        required:  yes
-      "lowercase_name":
-        type: bool
-        required:  no
-      "bothcase_name":
-        type: bool
-        required:  no
-      "member_attribute":
-        type: str
-        required:  yes
+  ldap_groups:
+    type: object
+    required:
+      - base
+      - filter
+      - name_attribute
+      - member_attribute
+    properties:
+      base:
+        type: string
+      filter:
+        type: string
+      name_attribute:
+        type: string
+      lowercase_name:
+        type: boolean
+      bothcase_name:
+        type: boolean
+      member_attribute:
+        type: string
 
-  "pg_connection":
-    type:      any
-    required:  yes
+  pg_connection:
+    type: object
 
-  "pg_users":
-    type: map
-    required: yes
-    mapping:
-      "filter":
-        type: str
-        required:  yes
-      "create_options":
-        type: str
+  pg_users:
+    type: object
+    required:
+      - filter
+    properties:
+      filter:
+        type: string
+      create_options:
+        type: ["string", "null"]
 
-  "pg_groups":
-    type: map
-    required: yes
-    mapping:
-      "filter":
-        type: str
-        required:  yes
-      "create_options":
-        type: str
-      "grant_options":
-        type: str
+  pg_groups:
+    type: object
+    required:
+      - filter
+    properties:
+      filter:
+        type: string
+      create_options:
+        type: ["string", "null"]
+      grant_options:
+        type: ["string", "null"]

data/exe/pg_ldap_sync

@@ -1,6 +1,6 @@
 #!/usr/bin/env ruby
 
-require 'pg_ldap_sync'
+require "pg_ldap_sync"
 
 begin
   PgLdapSync::Application.run(ARGV)