Home > mailing lists

Re: Using LDAP for PostgreSQL permissions/authentication - Mailing list pgsql-general

From	Bill Moran
Subject	Re: Using LDAP for PostgreSQL permissions/authentication
Date	September 14, 2013 02:46:15
Msg-id	20130913194604.8b2bfaf9daede4780cf1f8ea@potentialtech.com Whole thread Raw
In response to	Re: Using LDAP for PostgreSQL permissions/authentication (Stephen Frost <sfrost@snowman.net>)
List	pgsql-general

Tree view

On Fri, 13 Sep 2013 16:29:47 -0400 Stephen Frost <sfrost@snowman.net> wrote:
>
> > Thus, when I go to log in as wmoran, LDAP checks my password, then informs
> > PostgreSQL to allow me in with specified roles, and I can do operations
> > granted to those roles.
>
> That's a little over-simplistic, isn't it?  What about objects which are
> created by the 'wmoran' account?

To address this one question, it's not terribly difficult to make a rule that
handles this.  LDAP could have a "primaryDatabaseRole" attribute that is used
when a single role is required (such as for object ownership) ... that's just
one possibility.

--
Bill Moran <wmoran@potentialtech.com>

pgsql-general by date:

From: John R Pierce
Date: 14 September 2013, 00:21:58
Subject: Re: How to restore some DBs to a new server?

From: Chris Travers
Date: 14 September 2013, 03:52:35
Subject: Re: Best way to populate nested composite type from JSON`

Re: Using LDAP for PostgreSQL permissions/authentication - Mailing list pgsql-general

Previous

Next