| From: | Lars Kanis <kanis(at)comcard(dot)de> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Using LDAP roles in PostgreSQL |
| Date: | 2011-07-13 13:59:02 |
| Message-ID: | 201107131559.03498.kanis@comcard.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hi,
LDAP is often used to do a centralized user and role management in an enterprise environment. PostgreSQL offers different
authentication methods, like LDAP, SSPI, GSSAPI or SSL. However, for any of these methods the user must already exist in the
database, before the authentication can be used. There is currently no authorization of database users directly based on LDAP.
Unfortunately, I couldn't find a programm for synchronizing users, groups and their memberships from LDAP to PostgreSQL. So I wrote
my own and just released v0.1.0.
Access to LDAP is used read-only. pg_ldap_sync issues proper CREATE ROLE, DROP ROLE, GRANT and REVOKE commands to
synchronize users and groups. It is meant to be started as a cron job.
FEATURES:
* Configurable per YAML config file
* Can use Active Directory as LDAP-Server
* Nested groups/roles supported
* Runs with pg.gem (C-library) or postgres-pr.gem (pure Ruby)
* Test mode which doesn’t do any changes to the DBMS
Homepage: https://github.com/larskanis/pg-ldap-sync
Is it something useful for someone apart of mine?
--
Kind regards,
Lars Kanis
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Oleg Bartunov | 2011-07-13 15:36:11 | Re: ts_rank seems very slow (140 ranked documents / second on my machine) |
| Previous Message | Merlin Moncure | 2011-07-13 13:49:46 | Re: plpgsql function confusing behaviour |