Subject: Re: Clusters and shared permissions using LDAP
From: Achilleas Mantzios - cloud
To: pgsql-general@lists.postgresql.org
Date: Fri, 20 Dec 2024 10:35:01 +0200

On 12/10/24 17:59, Felipe Matas wrote:
> Hi all! I'm trying to build three postgres clusters (in different
> servers), I'm thinking to use CITUS to make the data available across
> the clusters, I'm checking the docs.
>
> What I have not been able to find in any place, is how to handle the
> permissions, I can use LDAP to handle the shared credentials across
> the clusters, I have no experience with LDAP but is no problem with
> learning :)
>
> So, how can I handle the permissions? From what I have read, seems
> LDAP only handles user/pass, is there any way to make all the clusters
> to have the same permissions to the LDAP users?
>
> In the time, I'll add more servers to this, so handle server by server
> all the permissions to each user is not a nice way to handle it.
>
> Probs this is already solved somehow, but I can't find it.

As you said, LDAP only deals with authentication, not authorization.

If you want to implement security using PostgreSQL, then you will have to replicate the DDL, GRANTS, memberships, etc.

> Thx!


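Because LDAP only authenticates, every cluster has to hold the same roles and memberships itself. The following is an added example, not part of the original message: it diffs two role dumps shaped like `pg_dumpall --roles-only` output to spot drift between clusters. The dumps, role names and function names are constructed assumptions, role names are assumed unquoted, and object-level grants (which live in per-database dumps) are out of scope.

```python
import re

# Constructed samples shaped like `pg_dumpall --roles-only` output.
COMMON = """\
CREATE ROLE app_read;
ALTER ROLE app_read WITH NOSUPERUSER INHERIT NOCREATEROLE NOCREATEDB NOLOGIN NOREPLICATION NOBYPASSRLS;
CREATE ROLE alice;
"""
REFERENCE = COMMON + """\
ALTER ROLE alice WITH NOSUPERUSER INHERIT NOCREATEROLE NOCREATEDB LOGIN NOREPLICATION NOBYPASSRLS;
GRANT app_read TO alice GRANTED BY postgres;
"""
OTHER = COMMON + """\
ALTER ROLE alice WITH NOSUPERUSER INHERIT NOCREATEROLE CREATEDB LOGIN NOREPLICATION NOBYPASSRLS;
CREATE ROLE bob;
ALTER ROLE bob WITH NOSUPERUSER INHERIT NOCREATEROLE NOCREATEDB LOGIN NOREPLICATION NOBYPASSRLS;
"""

CREATE_RE = re.compile(r"^CREATE ROLE (\S+);$")
ALTER_RE = re.compile(r"^ALTER ROLE (\S+) WITH (.+);$")
GRANT_RE = re.compile(r"^GRANT (\S+) TO (\S+?)[ ;]")

def parse_roles(dump):
    # Returns ({role: attribute set}, {(group, member)}).
    roles, members = {}, set()
    for line in map(str.strip, dump.splitlines()):
        if m := CREATE_RE.match(line):
            roles.setdefault(m.group(1), frozenset())
        elif m := ALTER_RE.match(line):
            # Drop any PASSWORD clause: hashes differ per cluster and are not policy.
            roles[m.group(1)] = frozenset(m.group(2).split(" PASSWORD ")[0].split())
        elif m := GRANT_RE.match(line):
            members.add((m.group(1), m.group(2)))
    return roles, members

def drift(reference, other):
    # Lists how `other` deviates from `reference` in roles, attributes, memberships.
    ref_roles, ref_members = parse_roles(reference)
    oth_roles, oth_members = parse_roles(other)
    out = []
    for name in sorted(ref_roles.keys() | oth_roles.keys()):
        if name not in oth_roles:
            out.append(f"missing role: {name}")
        elif name not in ref_roles:
            out.append(f"unexpected role: {name}")
        elif ref_roles[name] != oth_roles[name]:
            changed = sorted(ref_roles[name] ^ oth_roles[name])
            out.append(f"attribute drift on {name}: {' '.join(changed)}")
    out += [f"missing membership: {m} in {g}" for g, m in sorted(ref_members - oth_members)]
    out += [f"unexpected membership: {m} in {g}" for g, m in sorted(oth_members - ref_members)]
    return out
```

Calling `drift(REFERENCE, OTHER)` on the constructed samples reports the changed attribute on `alice`, the extra role `bob`, and the missing `app_read` membership.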