On Fri, 13 Sep 2013 16:29:47 -0400 Stephen Frost <sfrost@xxxxxxxxxxx> wrote:
>
> > Thus, when I go to log in as wmoran, LDAP checks my password, then informs
> > PostgreSQL to allow me in with specified roles, and I can do operations
> > granted to those roles.
>
> That's a little over-simplistic, isn't it? What about objects which are
> created by the 'wmoran' account?

To address this one question, it's not terribly difficult to make a rule that
handles this. LDAP could have a "primaryDatabaseRole" attribute that is used
when a single role is required (such as for object ownership) ... that's just
one possibility.

--
Bill Moran <wmoran@xxxxxxxxxxxxxxxxx>