Merge pull request #10 from alan-turing-institute/6-specify-name-attr…

…ibutes Allow users to specify group and user name attributes
alan-turing-institute · Apr 8, 2024 · 1a88720 · 1a88720
2 parents ef00927 + 61d8162
commit 1a88720
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -7,10 +7,12 @@ Synchronise a Guacamole PostgreSQL database with an LDAP server, such as Microso
 - LDAP_BIND_PASSWORD: (Optional) password of LDAP bind user
 - LDAP_GROUP_BASE_DN: Base DN for groups
 - LDAP_GROUP_FILTER: LDAP filter to select groups
+- LDAP_GROUP_NAME_ATTR: Attribute used to extract group names (default: 'cn')
 - LDAP_HOST: LDAP host
-- LDAP_PORT: LDAP port
+- LDAP_PORT: LDAP port (default: '389')
 - LDAP_USER_BASE_DN: Base DN for users
 - LDAP_USER_FILTER: LDAP filter to select users
+- LDAP_USER_NAME_ATTR: Attribute used to extract user names (default: 'userPrincipalName')
 - POSTGRESQL_DB_NAME: Database name for PostgreSQL server (default: 'guacamole')
 - POSTGRESQL_HOST: PostgreSQL server host
 - POSTGRESQL_PASSWORD: Password of PostgreSQL user

diff --git a/scripts/expand_pg_ldap_sync.rb b/scripts/expand_pg_ldap_sync.rb
@@ -9,13 +9,16 @@
 view[:LDAP_BIND_PASSWORD] = ENV["LDAP_BIND_PASSWORD"]
 view[:LDAP_GROUP_BASE_DN] = ENV["LDAP_GROUP_BASE_DN"]
 view[:LDAP_GROUP_FILTER] = ENV["LDAP_GROUP_FILTER"]
+view[:LDAP_GROUP_NAME_ATTR] = ENV["LDAP_GROUP_NAME_ATTR"] || "cn"
 view[:LDAP_HOST] = ENV["LDAP_HOST"]
-view[:LDAP_PORT] = ENV["LDAP_PORT"]
+view[:LDAP_PORT] = ENV["LDAP_PORT"] || "389"
 view[:LDAP_USER_BASE_DN] = ENV["LDAP_USER_BASE_DN"]
 view[:LDAP_USER_FILTER] = ENV["LDAP_USER_FILTER"]
+view[:LDAP_USER_NAME_ATTR] = ENV["LDAP_USER_NAME_ATTR"] || "userPrincipalName"
 view[:POSTGRESQL_DB_NAME] = ENV["POSTGRESQL_DB_NAME"] || "guacamole"
 view[:POSTGRESQL_HOST] = ENV["POSTGRESQL_HOST"]
 view[:POSTGRESQL_PASSWORD] = ENV["POSTGRESQL_PASSWORD"]
+view[:POSTGRESQL_PORT] = ENV["POSTGRESQL_PORT"] || "5432"
 view[:POSTGRESQL_USERNAME] = ENV["POSTGRESQL_USERNAME"]
 
 # Write the expanded template to stdout

diff --git a/templates/pg_ldap_sync.mustache.yaml b/templates/pg_ldap_sync.mustache.yaml
@@ -22,8 +22,8 @@ ldap_users:
   base: {{{LDAP_USER_BASE_DN}}}
   # LDAP filter defining which LDAP users should be synchronized
   filter: {{{LDAP_USER_FILTER}}}
-  # this attribute is used as PG role name. It is 'sAMAccountName@domain'
-  name_attribute: userPrincipalName
+  # this attribute is used as PG role name
+  name_attribute: {{{LDAP_USER_NAME_ATTR}}}
   # lowercase name for use as PG role name
   lowercase_name: false
 
@@ -33,10 +33,10 @@ ldap_groups:
   # LDAP filter defining which LDAP groups should be synchronized
   filter: {{{LDAP_GROUP_FILTER}}}
   # this attribute is used as PG role name
-  name_attribute: cn
+  name_attribute: {{{LDAP_GROUP_NAME_ATTR}}}
   # lowercase name for use as PG role name
   lowercase_name: false
-  # this attribute must reference to all member DN's of the given group
+  # this attribute must reference all member DNs of the given group
   member_attribute: member
 
 # Connection parameters to PostgreSQL server
@@ -46,6 +46,7 @@ pg_connection:
   dbname: {{{POSTGRESQL_DB_NAME}}}
   user: {{{POSTGRESQL_USERNAME}}}
   password: {{{POSTGRESQL_PASSWORD}}}
+  port: {{{POSTGRESQL_PORT}}}
 
 pg_users:
   # Filter for identifying LDAP generated users in the database.