Postgres user authentification or LDAP authentification

On Thu, Jul 23, 2009 at 12:47, Lauris Ulmanis<lauris.ulmanis@mykoob.com> wrote:

Hello!

I posted you a message about slowness of creation users more than 500 000
(#4919). It seems there is no workaround of this problem because of using
pg_auth flat file.

To override this problem is it possible to use LDAP authentification metod
to identify each user and speed up system?

No. LDAP authentication still requires all the users to be created in
the database before they can log in. This is required so that they get
an oid in the system, that is used for all permissions checks and
ownership and such things.

The only thing you could do here is to map multiple users to the
*same* database user using pg_ident.conf, for example with a regular
expression. However, you then loose the ability to distinguish between
these users once they are logged in.

How it will affect group roles
for each user because we use groups roles to give Access to users to system
objects? Because group roles will work only with postgres users not LDAP.

The PostgreSQL LDAP code currently has no support for groups.

pgBouncer or pgPool uses Postgres users for connection pooling. Is there
some more variants to use connection pooling without using postgres users?

Not that I know of.

--
Magnus Hagander
Self: http://www.hagander.net/
Work: http://www.redpill-linpro.com/

Lauris Ulmanis wrote:

Hello!

I posted you a message about slowness of creation users more than 500 000
(#4919). It seems there is no workaround of this problem because of using
pg_auth flat file.

To override this problem is it possible to use LDAP authentification metod
to identify each user and speed up system?

No. The users still need to exist in the PG auth system.

I'm sure this is just some missing optimization. Feel free to work on
the code to improve performance for these cases.

--
Alvaro Herrera http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.