On 08/22/2018 12:54 PM, Ravi Krishna wrote:
>>
>> How is that different from giving your grants to a database role and
>> just telling the new user the name and password of that role to connect as?
> 
> Well here I have to do some work, with the groups approach, it is outsourced 
> to devops.  Secondly when you take into account AD, the user does not have to 
> remember his password for db login.  It is same as AD.

So it seems to me that the feature may be worth adding is to fetch the
password, *as well as "ldapsearchattribute"* from LDAP:
https://www.postgresql.org/docs/10/static/auth-methods.html#AUTH-LDAP

You should be able to get the role name from AD already, but the
password they still have to remember.

Although I still don't see this really working for anything more
complicated than one database and no user in more than one group.

-- 
Dimitri Maziuk
Programmer/sysadmin
BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to