| From: | Michael Wood <esiotrot(at)gmail(dot)com> |
|---|---|
| To: | "Bret S(dot) Lambert" <bret(dot)lambert(at)gmail(dot)com> |
| Cc: | Greg Cocks <gcocks(at)stoller(dot)com>, pgsql-novice(at)postgresql(dot)org, Pete Humphrey <phumphrey(at)stoller(dot)com> |
| Subject: | Re: Seeking experiences 'accessing' Microsoft Active Directory credentials from PostgreSQL, in conjunction with the sys admin / IT... |
| Date: | 2010-02-24 07:57:13 |
| Message-ID: | 5a8aa6681002232357o6df28cc6x1fad69913aa12227@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-novice |
On 24 February 2010 07:56, Bret S. Lambert <bret(dot)lambert(at)gmail(dot)com> wrote:
[...]
>> * A 'direct' read-only connection (without comprising the network
>> security), but of what sort? I have no experience in how AD stores and
>> shares its info, bit am happy to learn what is needed (IT has a lot of
>> knowledge of course, but don't use PostgreSQL)
>
> The most straightforward solution would be for postgres to grab the
> data via an LDAP connection (that's how AD exports data) after getting
> set up by your admins to get read-only access to the user data you need.
>
> However, I'm not sure that postgres has the code to pull in LDAP
> data as a table (which would be a nice feature, IMO), but doing a
> daily/hourly/every 30 seconds/whenever cron job which pulls data
> via a ldapsearch (I'm assuming unix, because, frankly, I don't
> care about windows), and then rebuilds a table with the new data.
I wonder if you couldn't do this with e.g. a plperl function or something?
--
Michael Wood <esiotrot(at)gmail(dot)com>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Albe Laurenz | 2010-02-24 08:51:00 | Re: Not able to change the owner of function |
| Previous Message | Jignesh Shah | 2010-02-24 06:38:32 | Re: Not able to change the owner of function |