| From: | Rafal Pietrak <rafal(at)ztk-rp(dot)eu> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: LDAP Authentication |
| Date: | 2015-04-23 07:08:28 |
| Message-ID: | 55389A6C.3040802@ztk-rp.eu |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
W dniu 23.04.2015 o 00:06, John R Pierce pisze:
> On 4/22/2015 2:57 PM, Joseph Kregloh wrote:
>>
>>
>>
>> I see. That would still require a manual process to create the user
>> on each server. I was planing on using some already existing scripts
>> to create the user automatically on all servers and then LDAP would
>> authorize depending on attributes in their LDAP profile.
>
> but thats not how it works, so all the 'planing' in the world won't
> change a thing.
>
> access rights per database are managed with GRANT, users must be
> CREATE USER on each server regardless of how they are authenticated.
>
As I understand:
1. postgresql maintains whatever's GRANTed within its system tables.
2. postgresql supports DBLINK
<whatif>
there was a way to supplement (join) system rights table with DBLINKed LDAP?
</whatif>
-R
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Holger.Friedrich-Fa-Trivadis | 2015-04-23 09:07:05 | Re: What constitutes "reproducible" numbers from pgbench? |
| Previous Message | Adrian Klaver | 2015-04-22 23:37:10 | Re: Connecting to 2 different DB on same machine |