Re: Using more than one LDAP? - Mailing list pgsql-general

From Stephen Frost
Subject Re: Using more than one LDAP?
Date
Msg-id 20210108215926.GY27507@tamriel.snowman.net
Whole thread Raw
In response to Re: Using more than one LDAP?  (Paul Förster <paul.foerster@gmail.com>)
Responses Re: Using more than one LDAP?
List pgsql-general
Greetings,

* Paul Förster (paul.foerster@gmail.com) wrote:
> Ok, since LDAP doesn't work that way, I either need to build GSSAPI packages and have the AD admins to provide me
withthe keytab file or make the transition a "hard" one, i.e. no transition phase. Though I'd rather have liked to see
atransition phase where either account could have been used I personally can live with that. It's the developers who
willhave to change quickly, not me. ;-) 

Done correctly, the developers will hopefully be going from "this stupid
thing prompts me to provide a username/password in order to log in" to
"no more prompt for logging in, it just *works*".  Further, as Magnus
explained, you could actually have the mapping to allow user X to log in
by providing GSSAPI credentials Y, if they are actually still going to
be including some username in their connection request to PG (even
though they shouldn't need to, since it'll be the same between their
local Windows/AD login and the GSSAPI user that PG will see).  You
should be able to make both work concurrently thanks to pg_ident.conf.

Thanks,

Stephen

Attachment

pgsql-general by date:

Previous
From: raf
Date:
Subject: Re: How to keep format of views source code as entered?
Next
From: Tim Cross
Date:
Subject: Re: How to keep format of views source code as entered?