Re: allowing "map" for password auth methods with clientcert=verify-full

On Wed, 2021-10-27 at 10:12 -0400, Andrew Dunstan wrote:
> Possibly slightly off topic, but
> 
> The cert+map pattern is very useful in conjunction with pgbouncer. Using
> it with an auth query to get the password pgbouncer doesn't even need to
> have a list of users, and we in effect delegate authentication to
> pgbouncer.
> 
> It would be nice to have + and @ expansion for the usernames in the
> ident file, like there is for pg_hba.conf.

(Probably is off-topic :D but +1 to the concept. Combined with LDAP
mapping that could make some of the ad-hoc LDAP-to-Postgres sync
scripts a lot simpler.)

--Jacob