To All, I am attempting to setup a server to use SSPI for mapping operating system users/groups to various postgres roles. In process I found that everything is driven off of the username in the mapping with no group but the mapping file supports regular expressions to do some mapping.
As detailed in: http://serverfault.com/questions/219596/is-it-possbile-to-restrict-who-can-connect-to-postgres-using-active-directory-gro http://www.postgresql.org/docs/9.0/interactive/auth-methods.html#SSPI-AUTH http://www.postgresql.org/docs/9.0/interactive/auth-username-maps.html Would it be possible to include either the primary group or a list of groups in the username string for mapping in the pg_ident.conf file? For example: User Tom is a member of the "sales" primary group in the DEV domain with a secondary group of "users". When he attempts to login, postgres builds the following username for matching purposes: "Tom:sa...@dev" or "Tom:sales,us...@dev". At that point we could map the user to a specific postgres based on the group(s) instead of using username prefixes or hard coding each name. Christopher A Hotchkiss JPMorgan Chase & Co. Email christopher.a.hotchk...@jpmchase.com This communication is for informational purposes only. It is not intended as an offer or solicitation for the purchase or sale of any financial instrument or as an official confirmation of any transaction. All market prices, data and other information are not warranted as to completeness or accuracy and are subject to change without notice. Any comments or statements made herein do not necessarily reflect those of JPMorgan Chase & Co., its subsidiaries and affiliates. This transmission may contain information that is privileged, confidential, legally privileged, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. Although this transmission and any attachments are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by JPMorgan Chase & Co., its subsidiaries and affiliates, as applicable, for any loss or damage arising in any way from its use. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. Please refer to http://www.jpmorgan.com/pages/disclosures for disclosures relating to European legal entities. -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
