Thread: LDAP authorization with postgresql

I use GSS for authentication. But I would like to setup LDAP based
authorization, so a user can have access to a particular
database/role/etc...I found documentation on how to setup LDAP but
don't really see any examples for what I am trying to do. Any
suggestions?

Greetings,

* Keith Brown (keith6014@gmail.com) wrote:
> I use GSS for authentication. But I would like to setup LDAP based
> authorization, so a user can have access to a particular
> database/role/etc...I found documentation on how to setup LDAP but
> don't really see any examples for what I am trying to do. Any
> suggestions?

You probably want to look into a tool to sync your LDAP directory group
membership with roles in PG.

eg: https://github.com/larskanis/pg-ldap-sync

(Glad to hear you're using GSS for authentication!)

Thanks,

Stephen

Yes, authentication with gss is great. Just authorization story with
postgresql is much harder. Should I even bother with LDAP? instead
just do it manually? I want to avoid another component like
pg-ldap-sync

On Fri, Oct 8, 2021 at 3:08 PM Stephen Frost <sfrost@snowman.net> wrote:
>
> Greetings,
>
> * Keith Brown (keith6014@gmail.com) wrote:
> > I use GSS for authentication. But I would like to setup LDAP based
> > authorization, so a user can have access to a particular
> > database/role/etc...I found documentation on how to setup LDAP but
> > don't really see any examples for what I am trying to do. Any
> > suggestions?
>
> You probably want to look into a tool to sync your LDAP directory group
> membership with roles in PG.
>
> eg: https://github.com/larskanis/pg-ldap-sync
>
> (Glad to hear you're using GSS for authentication!)
>
> Thanks,
>
> Stephen