W dniu 23.04.2015 o 00:06, John R Pierce pisze:
On 4/22/2015 2:57 PM, Joseph Kregloh wrote:
I see. That would still require a manual process to create the user on each server. I was planing on using some already existing scripts to create the user automatically on all servers and then LDAP would authorize depending on attributes in their LDAP profile.
but thats not how it works, so all the 'planing' in the world won't change a thing.
access rights per database are managed with GRANT, users must be CREATE USER on each server regardless of how they are authenticated.
As I understand:
1. postgresql maintains whatever's GRANTed within its system tables.
2. postgresql supports DBLINK
<whatif>
there was a way to supplement (join) system rights table with DBLINKed LDAP?
</whatif>
-R