SSPI Feature Request

Hi,

SSPI Kerberos\NTLM authentication (Windows environment) currently only authenticates users, however, it does not authenticate a user against an LDAP \ Active Directory group.
This makes administration complex because an administrator would need to add\remove each user to\from an instance or if a user changes role then their permissions would need to be altered.
If you have many instances and many users then this becomes a long process which can be prone to error.

Industry best practices would be to define group(s) and assign permissions and roles to these and have SSPI authenticate users against these groups.
The responsibility of granting or altering permissions is at the LDAP \ Active Directory level which is its prime purpose.
This is something that other RDBMS can do and it would make PostgreSQL a far more attractive solution from that perspective.

Can you please look at making this possible?

This has been raised before (below) but nothing has been progressed further...
https://www.postgresql.org/message-id/20201016160029.GO19056%40tamriel.snowman.net

Many thanks.
John.

Disclaimer

The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful.

This email has been scanned for viruses and malware, and may have been automatically archived by Mimecast, a leader in email security and cyber resilience. Mimecast integrates email defenses with brand protection, security awareness training, web security, compliance and other essential capabilities. Mimecast helps protect large and small organizations from malicious activity, human error and technology failure; and to lead the movement toward building a more resilient world. To find out more, visit our website.