From: | Chris Travers <chris(dot)travers(at)gmail(dot)com> |
---|---|
To: | kanis(at)comcard(dot)de |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: Using LDAP roles in PostgreSQL |
Date: | 2011-07-13 17:19:37 |
Message-ID: | CAKt_Zfsy0XRnKz6nLcbRmMq_=tOKHT1UtNiMT6WahNdfoTDyhw@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On Wed, Jul 13, 2011 at 6:59 AM, Lars Kanis <kanis(at)comcard(dot)de> wrote:
> Homepage: https://github.com/larskanis/pg-ldap-sync
>
> Is it something useful for someone apart of mine?
Hi Lars;
While I don't have an immediate use for it, it is very nice to know
such a tool exists, and I think it is likely that at some unspecified
point in the future, something like this might be helpful to my own
customers.
I do have a question though. Does your application allow for creating
only users and groups in part of the LDAP tree? Or does it have that
possibility yet? Also can it be configured to ignore grants of
specific Pg roles to users? I am not saying these are must-haves.
If I need them at some point I could probably add the features and
contribute the change back. But it would be nice to know.
Just as an example of where I am going with this. One of my main
projects (LedgerSMB) uses database roles to enforce permissions. One
of the nice things is that password authentication could passed
through to an LDAP server to provide SSO for an organization. I plan
to forward this announcement to the list there as well as a
potentially useful tool. I figure it is worth noting this on the list
because I can't imagine I am the only one doing this.
Best Wishes,
Chris Travers
From | Date | Subject | |
---|---|---|---|
Next Message | Jeff Davis | 2011-07-13 18:33:53 | Re: SerializableSnapshot removed from postgresql 8.4 |
Previous Message | Duarte Fonseca | 2011-07-13 17:10:27 | SerializableSnapshot removed from postgresql 8.4 |