From: | Jacob Champion <pchampion(at)vmware(dot)com> |
---|---|
To: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: [PATCH] Support pg_ident mapping for LDAP |
Date: | 2021-09-01 15:42:35 |
Message-ID: | be97d519db4d43d664405a98ec7dca2420296e1b.camel@vmware.com |
Lists: | pgsql-hackers |

On Tue, 2021-08-31 at 19:39 +0000, Jacob Champion wrote:
> Hello,
>
> There was a brief discussion [1] back in February on allowing user
> mapping for LDAP, in order to open up some more complex authorization
> logic (and slightly reduce the need for LDAP-to-Postgres user
> synchronization). Attached is an implementation of this that separates
> the LDAP authentication and authorization identities, and lets the
> client control the former with an `ldapuser` connection option or its
> associated PGLDAPUSER envvar.

The cfbot found a failure in postgres_fdw, which I completely neglected
in my design. I think the desired functionality should be to allow the
ldapuser connection option during CREATE USER MAPPING but not CREATE
SERVER. I'll have a v2 up today to fix that.

--Jacob