by LunaSea 2271 days ago
I think it's a bad idea for a database to start implementing third-party vendor-related features.

That's the type of feature that should be implemented as a plugin.


You could just call it "LDAP authentication". AD comes with an LDAP interface.
Postgres does have LDAP-based auth, and can also authenticate against AD using sspi/gssapi.

The problem with that is that it requires users to have been created inside Postgres first, and that you can't manage group membership inside AD.

Yup, that's what I meant by authorisation, keeping the roles and groups in pgsql up to date.
Or Kerberos authentication (which AD also supports) https://www.postgresql.org/docs/current/gssapi-auth.html
Yes, and that AD LDAP interface is riddled with MS-specific deviations that require complying with MS’s way of doing LDAP.