On 08/22/2018 12:54 PM, Ravi Krishna wrote:
>>
>> How is that different from giving your grants to a database role and
>> just telling the new user the name and password of that role to connect as?
>
> Well here I have to do some work, with the groups approach, it is outsourced to devops. Secondly when you take into
accountAD, the user does not have to remember his password for db login. It is same as AD.
So it seems to me that the feature may be worth adding is to fetch the
password, *as well as "ldapsearchattribute"* from LDAP:
https://www.postgresql.org/docs/10/static/auth-methods.html#AUTH-LDAP
You should be able to get the role name from AD already, but the
password they still have to remember.
Although I still don't see this really working for anything more
complicated than one database and no user in more than one group.
--
Dimitri Maziuk
Programmer/sysadmin
BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu