Re: [PATCH] Support pg_ident mapping for LDAP - Mailing list pgsql-hackers

From Jacob Champion
Subject Re: [PATCH] Support pg_ident mapping for LDAP
Date
Msg-id be97d519db4d43d664405a98ec7dca2420296e1b.camel@vmware.com
In response to [PATCH] Support pg_ident mapping for LDAP  (Jacob Champion <pchampion@vmware.com>)
Responses Re: [PATCH] Support pg_ident mapping for LDAP  (Jacob Champion <pchampion@vmware.com>)
List pgsql-hackers

On Tue, 2021-08-31 at 19:39 +0000, Jacob Champion wrote:
> Hello,
> 
> There was a brief discussion [1] back in February on allowing user
> mapping for LDAP, in order to open up some more complex authorization
> logic (and slightly reduce the need for LDAP-to-Postgres user
> synchronization). Attached is an implementation of this that separates
> the LDAP authentication and authorization identities, and lets the
> client control the former with an `ldapuser` connection option or its
> associated PGLDAPUSER envvar.

The cfbot found a failure in postgres_fdw, which I completely neglected
in my design. I think the desired functionality should be to allow the
ldapuser connection option during CREATE USER MAPPING but not CREATE
SERVER. I'll have a v2 up today to fix that.

--Jacob
