On 1/29/21 8:18 AM, Daniel Gustafsson wrote: >> On 28 Jan 2021, at 23:10, Andrew Dunstan <and...@dunslane.net> wrote: >> On 1/28/21 11:39 AM, Jacob Champion wrote: >>> Unfortunately I don't really know what that solution should look like. >>> A DSL for filtering on RDNs would be a lot of work, but it could >>> potentially allow LDAP to be mapped through pg_ident as well >> In the end it will be up to users to come up with expressions that meet >> their usage. Yes they could get it wrong, but then they can get so many >> things wrong ;-) > My main concern with this isn't that it's easy to get it wrong, but that it > may > end up being hard to get it right (with false positives in the auth path as a > result). Right now I'm not sure where it leans. > > Maybe it will be easier to judge the proposal when the documentation has been > updated warnings for the potential pitfalls? >
Feel free to make suggestions for wording :-) cheers andrew -- Andrew Dunstan EDB: https://www.enterprisedb.com
