Using LDAP for authorization - Mailing list pgsql-hackers

From Magnus Hagander
Subject Using LDAP for authorization
Date
Msg-id 6BCB9D8A16AC4241919521715F4D8BCE6C73D0@algol.sollentuna.se
Responses Re: Using LDAP for authorization  (Stephen Frost <sfrost@snowman.net>)
List pgsql-hackers
Hi!

I want to pull authorization information from LDAP for my PostgreSQL
database. I use kerberos for authentication, so I do *not* want to use
LDAP for authentication. I want to pull group membership from LDAP and
match it to the kerberos-provided usernames. Preferably the users
should be auto-created if needed, but the groups are created by the
admin (users should only be autocreated if they are members of these
groups, of course).

I see two ways of doing this:
1) Have an external process that syncs database users and groups to the
LDAP directory. I have no need for "instant updates" (if a new user is
added, it's Ok if it takes an hour or so before he can log in to the
database). Does somebody know of a tool that does this already?

2) Somehow have this functionality in the backend authorization code -
"native support for LDAP groups". Those who have dug around those
parts of the code, is this something that seems reasonable to do? Is it
something we'd want in the backend at all?


//Magnus
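
The external sync described as option 1 in the message above, sketched as an added example; it is not code from the original message or from PostgreSQL. It assumes role-based SQL (`CREATE ROLE`, `GRANT`/`REVOKE` on group roles), that a role name is the Kerberos principal without its realm, and that the directory is authoritative for the admin-created groups; all function names and sample data are constructed.

```python
# Added example: plan a one-way LDAP -> PostgreSQL group sync (option 1).
# A real job would fill the inputs from an LDAP search and from the
# database catalogs; here they are plain dicts and sets.

def quote_ident(name):
    """Quote a role name as an SQL identifier (directory data is untrusted)."""
    if not name or "\x00" in name:
        raise ValueError("invalid role name: %r" % (name,))
    return '"' + name.replace('"', '""') + '"'

def principal_to_role(principal, realm):
    """Map user@REALM to a role name; principals from other realms are ignored."""
    user, sep, prealm = principal.partition("@")
    if not sep or not user or prealm != realm:
        return None
    return user

def plan_sync(ldap_groups, db_groups, db_logins, realm):
    """Return SQL statements that bring DB group membership in line with LDAP.

    ldap_groups: {group: set of Kerberos principals} read from the directory
    db_groups:   {group: set of member roles}, admin-created groups only
    db_logins:   set of login roles that already exist
    """
    stmts, known = [], set(db_logins)
    for group in sorted(db_groups):      # groups are never created from LDAP
        wanted = set()
        for principal in ldap_groups.get(group, ()):
            role = principal_to_role(principal, realm)
            if role is not None:
                wanted.add(role)
        for role in sorted(wanted - known):      # auto-create members only
            stmts.append("CREATE ROLE %s LOGIN;" % quote_ident(role))
            known.add(role)
        for role in sorted(wanted - db_groups[group]):
            stmts.append("GRANT %s TO %s;" % (quote_ident(group), quote_ident(role)))
        for role in sorted(db_groups[group] - wanted):   # fail closed
            stmts.append("REVOKE %s FROM %s;" % (quote_ident(group), quote_ident(role)))
    return stmts

if __name__ == "__main__":
    # Constructed sample data: "interns" exists in LDAP but not in the database.
    LDAP = {"dba": {"alice@EXAMPLE.COM", "bob@EXAMPLE.COM", "mallory@OTHER.REALM"},
            "interns": {"eve@EXAMPLE.COM"}}
    DB_GROUPS = {"dba": {"bob", "carol"}}
    for stmt in plan_sync(LDAP, DB_GROUPS, {"bob", "carol"}, "EXAMPLE.COM"):
        print(stmt)
```

A group that is missing from the LDAP result has all its members revoked, so a failed or partial directory search should abort the run before `plan_sync` is called.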


