Hacker News new | ask | show | jobs
by gregn610 2271 days ago
I'm surprised that no-one is complaining about the lack of Active Directory integration for authorization.

#disclaimer - Author of an AD integration solution that never got off the ground.

https://github.com/gregn610/padnag
1 comments
LunaSea 2271 days ago
I think it's a bad idea for a database to start implementing third-part vendor related features.

That's the type of feature that should be implemented as a plugin.

link
nijave 2271 days ago
You could just call it "ldap authentication". AD comes with an LDAP interface.
link
anarazel 2271 days ago
Postgres does have ldap based auth, and also can authenticate against AD using sspi/gssapi.

The problem with that is that it requires users to have been created inside postgres first, and that you can't manage group membership inside AD.

link
gregn610 2270 days ago
yup, that's what I meant by authorisation, keeping the roles and groups in pgsql up to date.
link
fanf2 2271 days ago
Or Kerberos authentication (which AD also supports) https://www.postgresql.org/docs/current/gssapi-auth.html
link
jtdev 2271 days ago
Yes, and that AD LDAP interface is riddled with MS specific deviations that require complying with MS’s way of doing LDAP.
link