Hi,

Since ldap2pg 6, I'm working on running by default as a non-super role with CREATEDB. Robert Haas made this a viable solution as of Postgres 16.

I got a case where ldap2pg tries to remove a role from a group, but the ldap2pg user is not the grantor of this membership. This triggers a warning:

    $ REVOKE owners FROM alice;
    WARNING: role "alice" has not been granted membership in role "owners" by role "ldap2pg"

I'll add a condition on grantor when listing manageable memberships to simply avoid this.

However, I'd prefer if Postgres failed properly, because the GRANT is actually not revoked. This prevents ldap2pg from reporting an issue in handling privileges on such roles.

What do you think of making this warning an error?
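
The grantor condition and the fail-instead-of-warn behaviour discussed in this message, as an added example that is not part of the original message and is not ldap2pg's own query. It assumes Postgres 16 catalogs and that the grantor Postgres infers for the REVOKE is the connected role itself; the column aliases are made up for the illustration.

```sql
-- Added example; the role names owners and alice come from the message above.
-- Assumption: the connected role is the grantor Postgres infers for REVOKE.

-- 1. List memberships with their grantor, flagging the ones the connected
--    role granted itself (the only ones a plain REVOKE removes under the
--    assumption above).
SELECT g.rolname  AS granted_role,
       m.rolname  AS member,
       gr.rolname AS grantor,
       (gr.rolname = current_user) AS granted_by_me
  FROM pg_catalog.pg_auth_members AS am
  JOIN pg_catalog.pg_roles AS g  ON g.oid  = am.roleid
  JOIN pg_catalog.pg_roles AS m  ON m.oid  = am.member
  JOIN pg_catalog.pg_roles AS gr ON gr.oid = am.grantor
 ORDER BY granted_role, member, grantor;

-- 2. Client-side guard: raise an error when the REVOKE would only produce
--    the warning, otherwise perform it in the same transaction.
DO $$
BEGIN
  IF NOT EXISTS (
    SELECT 1
      FROM pg_catalog.pg_auth_members AS am
      JOIN pg_catalog.pg_roles AS g  ON g.oid  = am.roleid
      JOIN pg_catalog.pg_roles AS m  ON m.oid  = am.member
      JOIN pg_catalog.pg_roles AS gr ON gr.oid = am.grantor
     WHERE g.rolname  = 'owners'
       AND m.rolname  = 'alice'
       AND gr.rolname = current_user
  ) THEN
    RAISE EXCEPTION 'membership of % in % was not granted by %',
      'alice', 'owners', current_user;
  END IF;
  REVOKE owners FROM alice;
END
$$;
```

A membership granted by another role stays in place after the guard raises, so the remaining row in the first query shows which grantor would have to revoke it.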