| From: | Joseph Kregloh <jkregloh(at)sproutloud(dot)com> |
|---|---|
| To: | John R Pierce <pierce(at)hogranch(dot)com> |
| Cc: | pgsql-general <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: LDAP Authentication |
| Date: | 2015-04-22 21:57:23 |
| Message-ID: | CAAW2xfdT9gQA1DaU_d3YmKd++rjdaHZZcwi5CnXX25Ew4RyKiA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Wed, Apr 22, 2015 at 5:30 PM, John R Pierce <pierce(at)hogranch(dot)com> wrote:
> On 4/22/2015 11:37 AM, Joseph Kregloh wrote:
>
>> I have successfully setup LDAP and setup simple authentication using
>> simple bind. This was my test case. Now I need to move to the next lever
>> which would be search and bind. This will allow me to grant access to
>> particular servers for some people. I am not sure where or how the
>> ldapsearchattibute comes into play.
>>
>>
>
> you would do this by CREATE USER on the various servers for those people,
> along with GRANT. LDAP only provides authentication, it doesn't manage
> authorization.
>
>
I see. That would still require a manual process to create the user on each
server. I was planing on using some already existing scripts to create the
user automatically on all servers and then LDAP would authorize depending
on attributes in their LDAP profile.
> --
> john r pierce, recycling bits in santa cruz
>
>
>
> --
> Sent via pgsql-general mailing list (pgsql-general(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-general
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | John R Pierce | 2015-04-22 22:06:23 | Re: LDAP Authentication |
| Previous Message | Steve Crawford | 2015-04-22 21:37:37 | Re: ERROR: could not open relation with OID |