SUM - Seeking experiences 'accessing' Microsoft Active Directory credentials from PostgreSQL, in conjunction with the sys admin / IT...

Hello,

Thank you for the suggestions...

Background - I am working in a Windows environment, am a geologist by training and primarily focused on scientific data management and sharing, including via web pages (PHP, etc) that I construct...

Although the LDAP suggestions were intriguing, I unfortunately don't feel that I (currently at least) have the time to get into what seems like a very IT specific area...

Even with the stated and recognised "tomanymovingparts', I went with...

- having IT dump the AD user contents into a pipe-delimited text field in a secure spot on 'my' web/database server on a nightly basis (yes, on the same virtual server - hey, we are a smallish operation! ;) )

- installed pgAgent

- wrote some simple SQL (TRUNCATE, COPY...) to clear out and reload my "AD copy" (sic) table in my database

- added a pgAgent job to have this SQL 'work', again on a nightly basis 1 hour after the IT script created the text file 'dump' (note that I found I had to upgrade pgAdmin from v1.10.0 to 1.10.1, else trying to set up the job in pgAgent caused pgAdmin to crash (the power of Googling.. again...))

- went ahead and moved my backups from *.bat files initiated by Windows Task Scheduler ---> pgAgent jobs (easier to manage, all in the one place, etc)

Again, thanks...

----------
Regards,
GREG COCKS
Data Management Specialist / Scientist / GIS Analyst IV
gcocks(at)stoller(dot)com <blocked::mailto:gcocks(at)stoller(dot)com>
S. M. Stoller Corp
105 Technology Drive, Suite 190
Broomfield, CO 80021
www.stoller.com <blocked::http://www.stoller.com/>
303-546-4300
303-443-1408 fax
303-546-4422 direct
303-828-7576 cell

________________________________

From: Greg Cocks [mailto:gcocks(at)stoller(dot)com]
Sent: Tue 2/23/2010 4:00 PM
To: pgsql-novice(at)postgresql(dot)org
Cc: Pete Humphrey
Subject: [NOVICE] Seeking experiences 'accessing' Microsoft Active Directory credentials from PostgreSQL, in conjunction with the sys admin / IT...

Hello,

I have been doing some reading and working with the IT staff here to be able to get (read-only) accessibility in PostgreSQL to the Active Directory credentials for a Microsoft network - UID, fname, lname, etc (not the PWID of course!)

I would appreciate any suggestions on the most workable and dynamic approach...

My initial two thoughts were:

* Have IT write a script to dump the AS credentials as, say, a delimited text file to a (secure) location on a nightly basis (an often enough frequency for my purposes) - and have PostgreSQL dynamically link, with the right credentials, to that network location with their text file/s (including 'recognising' when the file/s change)
* A 'direct' read-only connection (without comprising the network security), but of what sort? I have no experience in how AD stores and shares its info, bit am happy to learn what is needed (IT has a lot of knowledge of course, but don't use PostgreSQL)

Thanks in advance for any help...

Some new things to learn, always a good thing - hence what seems like a possibly vague / broad request...

----------
Regards,

Greg Cocks

Licensed Geologist, WA#415

Data Management & GIS Analyst
gcocks(at)stoller(dot)com
S. M. Stoller Corp
105 Technology Drive, Suite 190
Broomfield, CO 80021
www.stoller.com
303-546-4300
303-443-1408 fax
303-546-4422 direct
303-828-7576 cell