W dniu 23.04.2015 o 00:06, John R Pierce pisze:
On 4/22/2015 2:57 PM, Joseph Kregloh
wrote:
I see. That would still require a manual process to create
the user on each server. I was planing on using some already
existing scripts to create the user automatically on all
servers and then LDAP would authorize depending on attributes
in their LDAP profile.
but thats not how it works, so all the 'planing' in the world
won't change a thing.
access rights per database are managed with GRANT, users must be
CREATE USER on each server regardless of how they are
authenticated.
As I understand:
1. postgresql maintains whatever's GRANTed within its system tables.
2. postgresql supports DBLINK
<whatif>
there was a way to supplement (join) system rights table with
DBLINKed LDAP?
</whatif>
-R
|
