| From: | Bill Moran <wmoran(at)potentialtech(dot)com> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Using LDAP for PostgreSQL permissions/authentication |
| Date: | 2013-09-13 23:46:04 |
| Message-ID: | 20130913194604.8b2bfaf9daede4780cf1f8ea@potentialtech.com |
| Lists: | pgsql-general |

On Fri, 13 Sep 2013 16:29:47 -0400 Stephen Frost <sfrost(at)snowman(dot)net> wrote:
>
> > Thus, when I go to log in as wmoran, LDAP checks my password, then informs
> > PostgreSQL to allow me in with specified roles, and I can do operations
> > granted to those roles.
>
> That's a little over-simplistic, isn't it? What about objects which are
> created by the 'wmoran' account?

To address this one question, it's not terribly difficult to make a rule that
handles this. LDAP could have a "primaryDatabaseRole" attribute that is used
when a single role is required (such as for object ownership) ... that's just
one possibility.

--
Bill Moran <wmoran(at)potentialtech(dot)com>
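
One way the rule described in the message above could be carried out, as an added example that is not part of the original message or of PostgreSQL itself: a sync step turns one directory entry into role SQL and refuses a `primaryDatabaseRole` the user was never granted. The `uid` and `databaseRole` attribute names, the sample entry, and the use of `ALTER ROLE ... SET role` to pin object ownership are assumptions made for illustration.

```python
import re

# Conservative allow-list for role names taken from the directory.
_ROLE_RE = re.compile(r"^[a-z_][a-z0-9_]{0,62}$")


def quote_ident(name: str) -> str:
    """Validate a directory-supplied role name and quote it as an SQL identifier."""
    if not _ROLE_RE.match(name):
        raise ValueError(f"unsafe role name from directory: {name!r}")
    return '"' + name + '"'


def role_sync_sql(entry: dict) -> list[str]:
    """Build SQL that mirrors one LDAP entry into PostgreSQL roles.

    Assumed (hypothetical) schema: 'uid' is the login name, 'databaseRole'
    is multi-valued, 'primaryDatabaseRole' is the attribute proposed above.
    """
    login = quote_ident(entry["uid"][0])
    roles = sorted(set(entry.get("databaseRole", [])))
    primary = entry.get("primaryDatabaseRole", [])
    if len(primary) > 1:
        raise ValueError("primaryDatabaseRole must be single-valued")
    if primary and primary[0] not in roles:
        # Ownership must not go to a role the user was never granted.
        raise ValueError("primaryDatabaseRole is not one of the granted roles")

    sql = [f"CREATE ROLE {login} LOGIN;"]
    sql += [f"GRANT {quote_ident(r)} TO {login};" for r in roles]
    if primary:
        quote_ident(primary[0])  # validated before it is placed in a literal
        # Sessions then start with this role set, so objects the user creates
        # are owned by the primary role rather than by the personal login role.
        sql.append(f"ALTER ROLE {login} SET role = '{primary[0]}';")
    return sql


# Constructed sample entry, shaped like an LDAP search result.
SAMPLE_ENTRY = {
    "uid": ["wmoran"],
    "databaseRole": ["reporting", "app_owner"],
    "primaryDatabaseRole": ["app_owner"],
}

if __name__ == "__main__":
    print("\n".join(role_sync_sql(SAMPLE_ENTRY)))
```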