Sorry for the late reply, I could test your solution only today…
Am 06.12.19 18:52 schrieb(en) Tom Lane:
> I don't think that the user name mapping feature works in the way you are hoping it does. According to
https://www.postgresql.org/docs/current/auth-username-maps.htmlwhat the map does is to specify allowed combinations of
thevalidated external user name ("Albrecht Dreß" in your example) and the database role the user asked to connect as.
Sogiven
>
> > certaccess /^.*$ testuser
>
> it should be possible to do
>
> psql -h dbserver -U testuser testdb
>
> with a certificate that has CN="Albrecht Dreß" (or anything else).
Yes, this works perfectly – I really misunderstood the docs here!
Thanks a lot for your help,
Albrecht.
