On Wed, May 5, 2010 at 22:49, Daniel Scott <djscott@xxxxxxx> wrote: > Hi, > > I have Postgres 8.4.3 running with gss authentication against Fedora's > FreeIPA (Integrated Kerberos, LDAP and some other services). > > I would like to auto-create users and auto-map postgres roles with > users and groups within the FreeIPA LDAP directory. Can anyone tell me > if this is available in Postgres? Looking through the docs, it appears > that it is not, and I have to manage user creation and role membership > manually. > > I found this post from 5 years ago: > > http://www.mail-archive.com/pgsql-hackers@xxxxxxxxxxxxxx/msg58156.html > > But I haven't found anything mentioning this functionality since. > > Is anyone else attempting to do this? I could probably write a script > or something to auto create postgres users from the LDAP directory > (and remove users who have been deleted from LDAP) and then > synchronise the roles with LDAP groups, but I don't want to repeat > this work if someone's already done it. > > I'd also appreciate any hints or suggestions for ways to do this. I've written scripts to do this several times using both python and perl. It's pretty simple. I haven't made them generic though, so it's not something I can share. But just a tool that compares the list of users and issues the appropriate CREATE USER or DROP USER commands is pretty trivial. Granting role permissions adds a bit of complexity, but not much. Trying to do them generic will make it a lot more complex though, so if you jus tneed it for this one case, a quick one-off script is probably the easiest way to go. -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/ -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
