On Fri, 13 Sep 2013 16:29:47 -0400 Stephen Frost <sfrost@snowman.net> wrote:
>
> > Thus, when I go to log in as wmoran, LDAP checks my password, then informs
> > PostgreSQL to allow me in with specified roles, and I can do operations
> > granted to those roles.
>
> That's a little over-simplistic, isn't it? What about objects which are
> created by the 'wmoran' account?
To address this one question, it's not terribly difficult to make a rule that
handles this. LDAP could have a "primaryDatabaseRole" attribute that is used
when a single role is required (such as for object ownership) ... that's just
one possibility.
--
Bill Moran <wmoran@potentialtech.com>