Re: [PATCH] Support pg_ident mapping for LDAP

2022-02-17 Thread Jacob Champion
On Fri, 2021-10-29 at 17:38 +, Jacob Champion wrote: > v3 attached, which uses the above naming scheme and removes the stale > TODO. Changes in since-v2. v4 rebases over the recent TAP changes. --Jacob From e0f36725013610eade9bc83414c4d1f5adea17e2 Mon Sep 17 00:00:00 2001 From: Jacob

Re: [PATCH] Support pg_ident mapping for LDAP

2021-10-29 Thread Jacob Champion
On Tue, 2021-09-28 at 18:15 +, Jacob Champion wrote:
>          | authn             authz
> ---------+-----------------------------------
> envvar   | PGAUTHUSER        PGUSER
> conninfo | authuser          user
> frontend | conn->pgauthuser  conn->pguser
> backend  | port->auth_user

Re: [PATCH] Support pg_ident mapping for LDAP

2021-09-28 Thread Jacob Champion
On Tue, 2021-09-28 at 18:08 +, Jacob Champion wrote:
> >          | authn             authz
> > ---------+-----------------------------------
> > envvar   | PGAUTHUSER        PGUSER
> > conninfo | authuser          user
> > frontend | conn->pgauthuser  conn->pguser
> > backend  | port->auth_user

Re: [PATCH] Support pg_ident mapping for LDAP

2021-09-28 Thread Jacob Champion
On Tue, 2021-09-28 at 18:02 +, Jacob Champion wrote: > On Tue, 2021-09-28 at 15:38 +0200, Magnus Hagander wrote: > > I'm a bit hesitant about the ldapuser libpq parameter. Do we really > > want to limit ourselves to just ldap, if we allow this? I mean, why > > not allow say radius or pam to

Re: [PATCH] Support pg_ident mapping for LDAP

2021-09-28 Thread Jacob Champion
On Tue, 2021-09-28 at 15:38 +0200, Magnus Hagander wrote: > I'm a bit hesitant about the ldapuser libpq parameter. Do we really > want to limit ourselves to just ldap, if we allow this? I mean, why > not allow say radius or pam to also specify a different username for > the external system? If we

Re: [PATCH] Support pg_ident mapping for LDAP

2021-09-28 Thread Magnus Hagander
On Wed, Sep 1, 2021 at 8:43 PM Jacob Champion wrote: > > On Wed, 2021-09-01 at 15:42 +, Jacob Champion wrote: > > The cfbot found a failure in postgres_fdw, which I completely neglected > > in my design. I think the desired functionality should be to allow the > > ldapuser connection option

Re: [PATCH] Support pg_ident mapping for LDAP

2021-09-01 Thread Jacob Champion
On Wed, 2021-09-01 at 14:20 -0700, Zhihong Yu wrote: > I looked at v2-Allow-user-name-mapping-with-LDAP.patch > and src/backend/postmaster/postmaster.c in master branch but didn't > find what you mentioned. This hunk is in src/backend/libpq/hba.c, in the parse_hba_auth_opt() function. The code

Re: [PATCH] Support pg_ident mapping for LDAP

2021-09-01 Thread Zhihong Yu
On Wed, Sep 1, 2021 at 1:56 PM Jacob Champion wrote: > On Wed, 2021-09-01 at 12:59 -0700, Zhihong Yu wrote: > > + if (strcmp(val, "1") == 0) > > + hbaline->ldap_map_dn = true; > > + else > > + hbaline->ldap_map_dn = false; > > > > The above can be shortened as: >

Re: [PATCH] Support pg_ident mapping for LDAP

2021-09-01 Thread Jacob Champion
On Wed, 2021-09-01 at 12:59 -0700, Zhihong Yu wrote: > + if (strcmp(val, "1") == 0) > + hbaline->ldap_map_dn = true; > + else > + hbaline->ldap_map_dn = false; > > The above can be shortened as: > > hbaline->ldap_map_dn = strcmp(val, "1") == 0; I usually prefer
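Review bot: in the quoted ldap_map_dn branch, every value other than "1" falls through to false, so a mistyped setting such as "true" or "yes" would leave the option off without any diagnostic. For an authentication option it is safer to accept only "0" and "1" and report an error for anything else when the line is parsed, whichever form of the assignment is kept.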

Re: [PATCH] Support pg_ident mapping for LDAP

2021-09-01 Thread Zhihong Yu
On Wed, Sep 1, 2021 at 11:43 AM Jacob Champion wrote: > On Wed, 2021-09-01 at 15:42 +, Jacob Champion wrote: > > The cfbot found a failure in postgres_fdw, which I completely neglected > > in my design. I think the desired functionality should be to allow the > > ldapuser connection option

Re: [PATCH] Support pg_ident mapping for LDAP

2021-09-01 Thread Jacob Champion
On Wed, 2021-09-01 at 15:42 +, Jacob Champion wrote: > The cfbot found a failure in postgres_fdw, which I completely neglected > in my design. I think the desired functionality should be to allow the > ldapuser connection option during CREATE USER MAPPING but not CREATE > SERVER. Fixed in v2,

Re: [PATCH] Support pg_ident mapping for LDAP

2021-09-01 Thread Jacob Champion
On Tue, 2021-08-31 at 19:39 +, Jacob Champion wrote: > Hello, > > There was a brief discussion [1] back in February on allowing user > mapping for LDAP, in order to open up some more complex authorization > logic (and slightly reduce the need for LDAP-to-Postgres user > synchronization).

[PATCH] Support pg_ident mapping for LDAP

2021-08-31 Thread Jacob Champion
Hello, There was a brief discussion [1] back in February on allowing user mapping for LDAP, in order to open up some more complex authorization logic (and slightly reduce the need for LDAP-to-Postgres user synchronization). Attached is an implementation of this that separates the LDAP