On 2010-02-24, Michael Wood <esiotrot@gmail.com> wrote:
> On 24 February 2010 07:56, Bret S. Lambert <bret.lambert@gmail.com> wrote:
> [...]
>>> * A 'direct' read-only connection (without comprising the network
>>> security), but of what sort? I have no experience in how AD stores and
>>> shares its info, bit am happy to learn what is needed (IT has a lot of
>>> knowledge of course, but don't use PostgreSQL)
>>
>> The most straightforward solution would be for postgres to grab the
>> data via an LDAP connection (that's how AD exports data) after getting
>> set up by your admins to get read-only access to the user data you need.
>>
>> However, I'm not sure that postgres has the code to pull in LDAP
>> data as a table (which would be a nice feature, IMO), but doing a
>> daily/hourly/every 30 seconds/whenever cron job which pulls data
>> via a ldapsearch (I'm assuming unix, because, frankly, I don't
>> care about windows), and then rebuilds a table with the new data.
>
> I wonder if you couldn't do this with e.g. a plperl function or something?
yes, it should be possible to do a set returning plperl or C functuion
which querys the AD via LDAP and use that function to populate a view
not very efficient (if queried frequently) but reasonably seamless.