From: | Bill Moran <wmoran(at)potentialtech(dot)com> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: Using LDAP for PostgreSQL permissions/authentication |
Date: | 2013-09-13 23:46:04 |
Message-ID: | 20130913194604.8b2bfaf9daede4780cf1f8ea@potentialtech.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On Fri, 13 Sep 2013 16:29:47 -0400 Stephen Frost <sfrost(at)snowman(dot)net> wrote:
>
> > Thus, when I go to log in as wmoran, LDAP checks my password, then informs
> > PostgreSQL to allow me in with specified roles, and I can do operations
> > granted to those roles.
>
> That's a little over-simplistic, isn't it? What about objects which are
> created by the 'wmoran' account?
To address this one question, it's not terribly difficult to make a rule that
handles this. LDAP could have a "primaryDatabaseRole" attribute that is used
when a single role is required (such as for object ownership) ... that's just
one possibility.
--
Bill Moran <wmoran(at)potentialtech(dot)com>
From | Date | Subject | |
---|---|---|---|
Next Message | Chris Travers | 2013-09-14 00:52:26 | Re: Best way to populate nested composite type from JSON` |
Previous Message | John R Pierce | 2013-09-13 21:21:39 | Re: How to restore some DBs to a new server? |