Thread: Postgres user authentification or LDAP authentification
Hello!
I posted you a message about slowness of creation users more than 500 000 (#4919). It seems there is no workaround of this problem because of using pg_auth flat file.
To override this problem is it possible to use LDAP authentification metod to identify each user and speed up system? How it will affect group roles for each user because we use groups roles to give Access to users to system objects? Because group roles will work only with postgres users not LDAP.
pgBouncer or pgPool uses Postgres users for connection pooling. Is there some more variants to use connection pooling without using postgres users?
______________________________________
Lauris Ulmanis
Tel. +371 29471020
On Thu, Jul 23, 2009 at 12:47, Lauris Ulmanis<lauris.ulmanis@mykoob.com> wrote: > Hello! > > > > I posted you a message about slowness of creation users more than 500 000 > (#4919). It seems there is no workaround of this problem because of using > pg_auth flat file. > > > > To override this problem is it possible to use LDAP authentification metod > to identify each user and speed up system? No. LDAP authentication still requires all the users to be created in the database before they can log in. This is required so that they get an oid in the system, that is used for all permissions checks and ownership and such things. The only thing you could do here is to map multiple users to the *same* database user using pg_ident.conf, for example with a regular expression. However, you then loose the ability to distinguish between these users once they are logged in. > How it will affect group roles > for each user because we use groups roles to give Access to users to system > objects? Because group roles will work only with postgres users not LDAP. The PostgreSQL LDAP code currently has no support for groups. > pgBouncer or pgPool uses Postgres users for connection pooling. Is there > some more variants to use connection pooling without using postgres users? Not that I know of. -- Magnus Hagander Self: http://www.hagander.net/ Work: http://www.redpill-linpro.com/
Lauris Ulmanis wrote: > Hello! > > > > I posted you a message about slowness of creation users more than 500 000 > (#4919). It seems there is no workaround of this problem because of using > pg_auth flat file. > > > > To override this problem is it possible to use LDAP authentification metod > to identify each user and speed up system? No. The users still need to exist in the PG auth system. I'm sure this is just some missing optimization. Feel free to work on the code to improve performance for these cases. -- Alvaro Herrera http://www.CommandPrompt.com/ The PostgreSQL Company - Command Prompt, Inc.