Albrecht Dreß <albrecht.dress@xxxxxxxx> writes:
> In my installation, the user certificate CN's contain human-readable names (utf8, with spaces, etc.). I want *all* users connecting with cert authentication to be mapped to a certain database role.

I don't think that the user name mapping feature works in the way you are hoping it does. According to

https://www.postgresql.org/docs/current/auth-username-maps.html

what the map does is to specify allowed combinations of the validated external user name ("Albrecht Dreß" in your example) and the database role the user asked to connect as. So given

> certaccess /^.*$ testuser

it should be possible to do

    psql -h dbserver -U testuser testdb

with a certificate that has CN="Albrecht Dreß" (or anything else). But the map won't result in silently connecting you as some other role than the one you asked for.

(I haven't actually tried this, but that's how I read the docs.)

regards, tom lane
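
Added example, not part of the original message and not PostgreSQL code: a simplified Python model of the user name map check described in the reply, run over the `certaccess` line from the thread. The function names and the sample role `postgres` are assumptions, Python's `re` stands in for PostgreSQL's regex engine, and quoted fields and `\1` substitution are not modelled.

```python
import re

# Constructed pg_ident.conf text; the certaccess line is the one quoted in the thread.
PG_IDENT = """\
# MAPNAME    SYSTEM-USERNAME  PG-USERNAME
certaccess   /^.*$            testuser
"""

def parse_ident(text):
    """Parse map lines into (map_name, system_user, pg_user) tuples."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"unsupported line: {raw!r}")
        entries.append(tuple(fields))
    return entries

def check_usermap(entries, map_name, external_name, requested_role):
    """True if some line of map_name pairs external_name with requested_role."""
    for name, system_user, pg_user in entries:
        if name != map_name:
            continue
        if system_user.startswith("/"):
            # Leading slash: the rest is a regular expression on the external name.
            if re.search(system_user[1:], external_name) is None:
                continue
        elif system_user != external_name:
            continue
        # The map never changes the role; it only has to equal the requested one.
        if pg_user == requested_role:
            return True
    return False

ENTRIES = parse_ident(PG_IDENT)

if __name__ == "__main__":
    for cn, role in [("Albrecht Dreß", "testuser"), ("Albrecht Dreß", "postgres")]:
        verdict = "allowed" if check_usermap(ENTRIES, "certaccess", cn, role) else "rejected"
        print(f"CN={cn!r} asking for role {role!r}: {verdict}")
```

Because `/^.*$` matches every CN, in this model any certificate that passes validation may connect as `testuser`, and a request for any other role is rejected rather than remapped.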