On Tue, 2021-08-31 at 19:39 +0000, Jacob Champion wrote:
> Hello,
>
> There was a brief discussion [1] back in February on allowing user
> mapping for LDAP, in order to open up some more complex authorization
> logic (and slightly reduce the need for LDAP-to-Postgres user
> synchronization). Attached is an implementation of this that separates
> the LDAP authentication and authorization identities, and lets the
> client control the former with an `ldapuser` connection option or its
> associated PGLDAPUSER envvar.

The cfbot found a failure in postgres_fdw, which I completely neglected in my design. I think the desired functionality should be to allow the ldapuser connection option during CREATE USER MAPPING but not CREATE SERVER. I'll have a v2 up today to fix that.

--Jacob