> * Have IT write a script to dump the AS credentials as, say, a
> delimited text file to a (secure) location on a nightly basis (an often
> enough frequency for my purposes) - and have PostgreSQL dynamically
> link, with the right credentials, to that network location with their
> text file/s (including 'recognising' when the file/s change)
ETOOMANYMOVINGPARTS, in addition to your admins failing to leverage
the ability of AD to natively export data over a standard protocol
> * A 'direct' read-only connection (without comprising the network
> security), but of what sort? I have no experience in how AD stores and
> shares its info, bit am happy to learn what is needed (IT has a lot of
> knowledge of course, but don't use PostgreSQL)
The most straightforward solution would be for postgres to grab the
data via an LDAP connection (that's how AD exports data) after getting
set up by your admins to get read-only access to the user data you need.
However, I'm not sure that postgres has the code to pull in LDAP
data as a table (which would be a nice feature, IMO), but doing a
daily/hourly/every 30 seconds/whenever cron job which pulls data
via a ldapsearch (I'm assuming unix, because, frankly, I don't
care about windows), and then rebuilds a table with the new data.