Hi! I want to pull authorization information from LDAP for my PostgreSQL database. I use Kerberos for authentication, so I do *not* want to use LDAP for authentication. I want to pull group membership from LDAP and match it to the Kerberos-provided usernames. Preferably the users should be auto-created if needed, but the groups are created by the admin (users should only be autocreated if they are members of these groups, of course).
I see two ways of doing this:

1) Have an external process that syncs database users and groups to the LDAP directory. I have no need for "instant updates" (if a new user is added, it's OK if it takes an hour or so before he can log in to the database). Does somebody know of a tool that does this already?

2) Somehow have this functionality in the backend authorization code - "native support for LDAP groups". Those who have dug around those parts of the code, is this something that seems reasonable to do? Is it something we'd want in the backend at all?

//Magnus
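The reconciliation step of the external sync process described in option 1, as an added example that is not part of the original message or of any PostgreSQL tool. It assumes the LDAP lookup has already produced a group-to-members mapping and that LDAP usernames equal the database role names Kerberos maps to; `plan_sync`, `quote_ident` and the sample data are hypothetical names constructed for illustration.

```python
def quote_ident(name):
    """Quote a PostgreSQL identifier so directory-supplied names cannot inject SQL."""
    if not name or "\x00" in name:
        raise ValueError("invalid role name: %r" % (name,))
    return '"' + name.replace('"', '""') + '"'


def plan_sync(ldap_groups, db_roles, db_members):
    """Return the SQL needed to make database group membership match LDAP.

    ldap_groups: {group: set(usernames)} as read from the directory
    db_roles:    set of role names that already exist in the database
    db_members:  {group: set(usernames)} current membership in the database
    Only groups the admin has already created as roles are managed, and a
    user is auto-created only when a managed group requires it.
    """
    statements = []
    known = set(db_roles)
    for group in sorted(g for g in ldap_groups if g in db_roles):
        want = ldap_groups[group]
        have = db_members.get(group, set())
        for user in sorted(want - have):
            if user not in known:
                # No password is set: the role can only log in via Kerberos.
                statements.append("CREATE ROLE %s LOGIN" % quote_ident(user))
                known.add(user)
            statements.append(
                "GRANT %s TO %s" % (quote_ident(group), quote_ident(user)))
        for user in sorted(have - want):
            statements.append(
                "REVOKE %s FROM %s" % (quote_ident(group), quote_ident(user)))
    return statements


# Constructed sample data standing in for an LDAP search and a pg_auth_members query.
SAMPLE_LDAP = {"analysts": {"alice", "bob"}, "dba": {"carol"}, "unmanaged": {"dave"}}
SAMPLE_ROLES = {"analysts", "dba", "alice", "erin"}
SAMPLE_MEMBERS = {"analysts": {"alice", "erin"}, "dba": set()}

if __name__ == "__main__":
    for stmt in plan_sync(SAMPLE_LDAP, SAMPLE_ROLES, SAMPLE_MEMBERS):
        print(stmt + ";")
```

Run from cron at the hourly granularity mentioned above, the planned statements would be executed in one transaction by a role holding CREATEROLE rather than by a superuser.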