Hi all;

I normally don't forward announcements from other lists, but this
seems like it may be useful with 1.3 so I figured I would send it.  I
don't know whether it will provide all the features needed out of the
box but one can always add features needed and contribute changes
back.

The features I have asked the author about include:
* The ability to ignore application-specific roles in PostgreSQL.
* The ability to import users only from part of the LDAP tree

I don't know if these features exist, but if not I don't think they
would likely be that hard to add.

Lars Kanis has created a tool to synchronize LDAP roles with
PostgreSQL roles, seeing the LDAP tree as authoritative.  This is
helpful because PostgreSQL can authenticate against an LDAP database,
and this sort of authentication is supported in 1.3 as it is.  If your
organization (or if you are a consultant, your customers'
organizations) could use single sign on, this is a helpful step
forward.

Best Wishes,
Chris Travers

---------- Forwarded message ----------
From: Lars Kanis <ka...@comcard.de>
Date: Wed, Jul 13, 2011 at 6:59 AM
Subject: [GENERAL] Using LDAP roles in PostgreSQL
To: pgsql-gene...@postgresql.org


Hi,

LDAP is often used to do centralized user and role management in an
enterprise environment. PostgreSQL offers different
authentication methods, like LDAP, SSPI, GSSAPI or SSL. However, for
any of these methods the user must already exist in the
database, before the authentication can be used. There is currently no
authorization of database users directly based on LDAP.

Unfortunately, I couldn't find a program for synchronizing users,
groups and their memberships from LDAP to PostgreSQL. So I wrote
my own and just released v0.1.0.

Access to LDAP is used read-only. pg_ldap_sync issues proper CREATE
ROLE, DROP ROLE, GRANT and REVOKE commands to
synchronize users and groups. It is meant to be started as a cron job.

FEATURES:
* Configurable per YAML config file
* Can use Active Directory as LDAP-Server
* Nested groups/roles supported
* Runs with pg.gem (C-library) or postgres-pr.gem (pure Ruby)
* Test mode which doesn’t do any changes to the DBMS

Homepage: https://github.com/larskanis/pg-ldap-sync

Is it something useful for anyone apart from me?

--
Kind regards,
Lars Kanis

--
Sent via pgsql-general mailing list (pgsql-gene...@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general

_______________________________________________
Ledger-smb-devel mailing list
Ledger-smb-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel
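
The synchronization described in the forwarded announcement (CREATE ROLE, DROP ROLE, GRANT and REVOKE with the LDAP tree as authoritative), sketched as an added example; this is not pg-ldap-sync's own code. The function name, the `ignore` list for application-specific roles and all sample data are assumptions constructed for illustration, and no LDAP or PostgreSQL connection is made.

```ruby
require 'set'

# Quote a PostgreSQL identifier so a directory-supplied name cannot alter the SQL.
def quote_ident(name)
  '"' + name.gsub('"', '""') + '"'
end

# Plan the statements that bring PostgreSQL roles in line with LDAP.
# ldap_groups maps group => members; a member may itself be a group (nesting),
# which maps directly onto PostgreSQL role-in-role membership.
# Roles matching `ignore` (hypothetical option) are never created, altered or dropped.
def plan_sync(ldap_users:, ldap_groups:, pg_roles:, pg_members:, ignore: [])
  ignored = ->(r) { ignore.any? { |pat| pat === r } }
  want_roles = Set.new((ldap_users + ldap_groups.keys).reject(&ignored))
  # Keep only memberships whose both ends were imported (e.g. inside the chosen subtree).
  want_members = Set.new(
    ldap_groups.flat_map { |g, ms| ms.map { |m| [g, m] } }
               .select { |g, m| want_roles.include?(g) && want_roles.include?(m) }
  )
  have_roles = Set.new(pg_roles.reject(&ignored))
  have_members = Set.new(pg_members.reject { |g, m| ignored.(g) || ignored.(m) })

  sql = []
  (want_roles - have_roles).sort.each do |r|
    # Users may log in; groups are plain container roles.
    sql << "CREATE ROLE #{quote_ident(r)} #{ldap_users.include?(r) ? 'LOGIN' : 'NOLOGIN'}"
  end
  (want_members - have_members).sort.each { |g, m| sql << "GRANT #{quote_ident(g)} TO #{quote_ident(m)}" }
  (have_members - want_members).sort.each { |g, m| sql << "REVOKE #{quote_ident(g)} FROM #{quote_ident(m)}" }
  # Deprovisioning: roles no longer present in LDAP are dropped last.
  (have_roles - want_roles).sort.each { |r| sql << "DROP ROLE #{quote_ident(r)}" }
  sql
end

# Constructed sample state: "carol" has left the directory, "managers" is a nested group,
# and one user name contains a double quote to exercise identifier quoting.
PLAN = plan_sync(
  ldap_users:  ['alice', 'bob', 'mal"ory'],
  ldap_groups: { 'accounting' => ['alice', 'managers'], 'managers' => ['bob'] },
  pg_roles:    ['postgres', 'lsmb_app__read', 'alice', 'carol', 'accounting'],
  pg_members:  [['accounting', 'alice'], ['accounting', 'carol'], ['lsmb_app__read', 'alice']],
  ignore:      ['postgres', /\Alsmb_/]
)
puts PLAN
```

Printing the plan without executing it corresponds to the test mode listed in the announcement; in a real run, DROP ROLE fails for a role that still owns objects, so those need reassigning first.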