odyssey/docker/ldap/odyssey.conf


storage "postgres_server" {
	type "remote"
	
	host "localhost"
	port 5432
}

# ldapserver=localhost ldapbinddn="cn=admin,dc=example,dc=org" ldapbasedn="dc=example,dc=org"  ldapbindpasswd="admin" ldapsearchfilter="(uid=$username)"

ldap_endpoint "ldap1" {
	ldapscheme "ldap"
	ldapbasedn "dc=example,dc=org"
	ldapbinddn "cn=admin,dc=example,dc=org"
	ldapbindpasswd "admin"
	ldapsearchattribute "gecos"
	ldapserver "192.168.233.16"
	ldapport 389
}

ldap_endpoint "ldap_storage_creds" {
	ldapscheme "ldap"
	ldapbasedn "dc=example,dc=org"
	ldapbinddn "cn=admin,dc=example,dc=org"
	ldapbindpasswd "admin"
	ldapsearchfilter "(memberOf=cn=localhost,ou=groups,dc=example,dc=org)"
	ldapsearchattribute "gecos"
	ldapserver "192.168.233.16"
	ldapport 389
}

database default {
	user default {
		authentication "clear_text"

		storage "postgres_server"
		pool "session"
		pool_size 10

		ldap_pool_size 10
		ldap_pool_timeout 0

		pool_timeout 0

		pool_ttl 60

		pool_discard no

		pool_cancel yes

		pool_rollback yes

		client_fwd_error yes

		application_name_add_host yes

		reserve_session_server_connection no

		server_lifetime 3600
		log_debug no
		ldap_endpoint_name "ldap_storage_creds"

		ldap_storage_credentials_attr "memberof"

		ldap_storage_credentials "group_ro" {
			ldap_storage_username "ldap_readonly"
			ldap_storage_password "ldap_pass_readonly"
		}

		ldap_storage_credentials "group_rw" {
			ldap_storage_username "ldap_rw"
			ldap_storage_password "ldap_pass_rw"
		}

		quantiles "0.99,0.95,0.5"
		client_max 107
	}

}

database "ldap_db" {
	user "user1" {
		authentication "clear_text"

		storage "postgres_server"
		pool "session"
		pool_size 10

		ldap_pool_size 10
		ldap_pool_timeout 0

		pool_timeout 0

		pool_ttl 60

		pool_discard no

		pool_cancel yes

		pool_rollback yes

		client_fwd_error yes

		application_name_add_host yes

		reserve_session_server_connection no

		server_lifetime 3600
		log_debug no
		ldap_endpoint_name "ldap1"

		quantiles "0.99,0.95,0.5"
		client_max 107
	}
	user default {
		authentication "clear_text"
		storage "postgres_server"
		pool "session"
		pool_size 10
		ldap_pool_size 10
		ldap_pool_timeout 0
                pool_timeout 0
		pool_ttl 60
		pool_discard no
		pool_cancel yes
		pool_rollback yes
		client_fwd_error yes
		application_name_add_host yes
		reserve_session_server_connection no
		server_lifetime 3600
		log_debug no
		ldap_endpoint_name "ldap1"
		quantiles "0.99,0.95,0.5"
		client_max 10
	}
}

unix_socket_dir "/tmp"
unix_socket_mode "0644"

log_format "%p %t %l [%i %s] (%c) %m\n"
log_file "/var/log/odyssey.log"
log_debug yes
log_config yes
log_session yes
log_query yes
log_stats no
daemonize yes

coroutine_stack_size 24

locks_dir "/tmp/odyssey"
graceful_die_on_errors yes
enable_online_restart yes
bindwith_reuseport yes

stats_interval 60

pid_file "/var/run/odyssey.pid"

listen {
	host "*"
	port 6432
}


storage "local" {
	type "local"
}

database "console" {
	user default {
		authentication "none"
		role "admin"
		pool "session"
		storage "local"
	}
}
LDAP auth in od 2021-04-21 13:11:18 +00:00
			`storage "postgres_server" {`
			`type "remote"`

Fix config validation for roles in local storage (#392) 2021-12-20 09:53:33 +00:00			`host "localhost"`
LDAP auth in od 2021-04-21 13:11:18 +00:00			`port 5432`
			`}`

			`# ldapserver=localhost ldapbinddn="cn=admin,dc=example,dc=org" ldapbasedn="dc=example,dc=org" ldapbindpasswd="admin" ldapsearchfilter="(uid=$username)"`

			`ldap_endpoint "ldap1" {`
Fix config validation for roles in local storage (#392) 2021-12-20 09:53:33 +00:00			`ldapscheme "ldap"`
			`ldapbasedn "dc=example,dc=org"`
			`ldapbinddn "cn=admin,dc=example,dc=org"`
			`ldapbindpasswd "admin"`
			`ldapsearchattribute "gecos"`
			`ldapserver "192.168.233.16"`
			`ldapport 389`
LDAP auth in od 2021-04-21 13:11:18 +00:00			`}`

Access management to PostgreSQL with LDAP (#454) This commit extends functionality of ldap authentication. It introduces LDAP server groups match feature, allowing r strict access between different users to different databases on same host. Odyssey now will receive optional attributes from LDAP server while authenticating user and use them to acquire backend connection under proper role. 2022-08-13 08:55:13 +00:00			`ldap_endpoint "ldap_storage_creds" {`
			`ldapscheme "ldap"`
			`ldapbasedn "dc=example,dc=org"`
			`ldapbinddn "cn=admin,dc=example,dc=org"`
			`ldapbindpasswd "admin"`
			`ldapsearchfilter "(memberOf=cn=localhost,ou=groups,dc=example,dc=org)"`
			`ldapsearchattribute "gecos"`
			`ldapserver "192.168.233.16"`
			`ldapport 389`
			`}`

			`database default {`
			`user default {`
			`authentication "clear_text"`

			`storage "postgres_server"`
			`pool "session"`
			`pool_size 10`

			`ldap_pool_size 10`
			`ldap_pool_timeout 0`

			`pool_timeout 0`

			`pool_ttl 60`

			`pool_discard no`

			`pool_cancel yes`

			`pool_rollback yes`

			`client_fwd_error yes`

			`application_name_add_host yes`

			`reserve_session_server_connection no`

			`server_lifetime 3600`
			`log_debug no`
			`ldap_endpoint_name "ldap_storage_creds"`

			`ldap_storage_credentials_attr "memberof"`

			`ldap_storage_credentials "group_ro" {`
			`ldap_storage_username "ldap_readonly"`
			`ldap_storage_password "ldap_pass_readonly"`
			`}`

			`ldap_storage_credentials "group_rw" {`
			`ldap_storage_username "ldap_rw"`
			`ldap_storage_password "ldap_pass_rw"`
			`}`

			`quantiles "0.99,0.95,0.5"`
			`client_max 107`
			`}`

			`}`

LDAP auth in od 2021-04-21 13:11:18 +00:00			`database "ldap_db" {`
			`user "user1" {`
			`authentication "clear_text"`

			`storage "postgres_server"`
			`pool "session"`
			`pool_size 10`

Fix config validation for roles in local storage (#392) 2021-12-20 09:53:33 +00:00			`ldap_pool_size 10`
LDAP auth in od 2021-04-21 13:11:18 +00:00			`ldap_pool_timeout 0`
Fix config validation for roles in local storage (#392) 2021-12-20 09:53:33 +00:00
			`pool_timeout 0`
LDAP auth in od 2021-04-21 13:11:18 +00:00
			`pool_ttl 60`

			`pool_discard no`

			`pool_cancel yes`

			`pool_rollback yes`

			`client_fwd_error yes`

			`application_name_add_host yes`
Fix config validation for roles in local storage (#392) 2021-12-20 09:53:33 +00:00
			`reserve_session_server_connection no`
LDAP auth in od 2021-04-21 13:11:18 +00:00
			`server_lifetime 3600`
			`log_debug no`
Fix config validation for roles in local storage (#392) 2021-12-20 09:53:33 +00:00			`ldap_endpoint_name "ldap1"`
LDAP auth in od 2021-04-21 13:11:18 +00:00
			`quantiles "0.99,0.95,0.5"`
Fix config validation for roles in local storage (#392) 2021-12-20 09:53:33 +00:00			`client_max 107`
LDAP auth in od 2021-04-21 13:11:18 +00:00			`}`
Fix default_user ldap auth for default user configuration (#313) * Fix default_user ldap auth * apply fmt Co-authored-by: reshke <Kirill Reshke> 2021-05-04 16:13:20 +00:00			`user default {`
			`authentication "clear_text"`
			`storage "postgres_server"`
			`pool "session"`
			`pool_size 10`
			`ldap_pool_size 10`
			`ldap_pool_timeout 0`
Add password_passthrough option to route 2021-05-19 12:00:59 +00:00			`pool_timeout 0`
Fix default_user ldap auth for default user configuration (#313) * Fix default_user ldap auth * apply fmt Co-authored-by: reshke <Kirill Reshke> 2021-05-04 16:13:20 +00:00			`pool_ttl 60`
			`pool_discard no`
			`pool_cancel yes`
			`pool_rollback yes`
			`client_fwd_error yes`
			`application_name_add_host yes`
			`reserve_session_server_connection no`
			`server_lifetime 3600`
			`log_debug no`
			`ldap_endpoint_name "ldap1"`
			`quantiles "0.99,0.95,0.5"`
			`client_max 10`
			`}`
LDAP auth in od 2021-04-21 13:11:18 +00:00			`}`

			`unix_socket_dir "/tmp"`
			`unix_socket_mode "0644"`

			`log_format "%p %t %l [%i %s] (%c) %m\n"`
			`log_file "/var/log/odyssey.log"`
			`log_debug yes`
			`log_config yes`
			`log_session yes`
			`log_query yes`
			`log_stats no`
			`daemonize yes`

			`coroutine_stack_size 24`

			`locks_dir "/tmp/odyssey"`
			`graceful_die_on_errors yes`
			`enable_online_restart yes`
			`bindwith_reuseport yes`

			`stats_interval 60`

			`pid_file "/var/run/odyssey.pid"`

			`listen {`
			`host "*"`
			`port 6432`
			`}`


			`storage "local" {`
			`type "local"`
			`}`

			`database "console" {`
			`user default {`
			`authentication "none"`
Add roles in console DB (#371) * Ldapless * Ldapless * Console are now considering roles * For pull from origin * Done, but not tested * Works, but do not drop connections to console * Update to origin * Added drop connections with lowered role via reload * Format and rename * Fix makefile & dev.conf * Fix makefile & dev.conf * Fix lagpolling tests * Fix tests * Fix tests * Add tests & fix .conf * Add tests & fix .conf * Add tests & fix .conf Co-authored-by: tim-shlyap <tim-shlyap@yandex-team.ru> 2021-12-15 23:08:42 +00:00			`role "admin"`
LDAP auth in od 2021-04-21 13:11:18 +00:00			`pool "session"`
			`storage "local"`
			`}`
			`}`