postgres-operator

Question: LDAP integration users permission

Open todeb opened this issue 3 years ago • 9 comments

After setting up LDAP auth on pgAdmin 4, when I log in as an LDAP user I do not see any database servers. With pgadmin@pgo I see them.

Is it expected? How do I assign permission for an LDAP user to a database server / cluster?

todeb avatar May 16 '22 15:05 todeb

@todeb that is the expected behavior. At this time, DB connection information is only auto-populated when using usernames & passwords with pgAdmin4, not when using the LDAP integration. Any needed permissions will have to be configured manually.

tjmoore4 avatar May 26 '22 21:05 tjmoore4

Do you mean that logins, users and privileges should be added manually by queries? If the logins and passwords are not populated to DB, then what is the purpose of that LDAP integration?

todeb avatar May 26 '22 23:05 todeb

@todeb the purpose of the LDAP integration is to allow you to authenticate into pgAdmin 4 using your own LDAP server, as described in the LDAP Authentication page of the pgAdmin 4 docs.

And once your users have authenticated into pgAdmin using the credentials they provide to authenticate into your LDAP server, they will then simply need to manually configure any required connections to the PostgreSQL database.

andrewlecuyer avatar May 26 '22 23:05 andrewlecuyer

Is it possible to match manually created or auto-populated logins in DB with the LDAP users, so they can authenticate with their LDAP passwords?

todeb avatar May 26 '22 23:05 todeb

@todeb yes - the purpose of the LDAP integration is to allow users to authenticate into pgAdmin 4 using their LDAP credentials.

andrewlecuyer avatar May 26 '22 23:05 andrewlecuyer

As previously mentioned, the purpose of the LDAP integration is to allow users to authenticate into pgAdmin 4 using their LDAP credentials.

However, to clarify - PGO will not currently create DB users based on users in LDAP, nor will PGO currently create users in LDAP based on the users you define in your PostgresCluster spec.

andrewlecuyer avatar May 27 '22 00:05 andrewlecuyer

I mean login to DB, not pgadmin4. If I have a user from LDAP: user1 / pass1, who authenticates through pgadmin4. I'm creating a login in DB: user1 with a random password. I expect that the password will sync with the LDAP password. So I won't need to provide an additional pwd to the user. So he will auth to both pgadmin4 and db with the same cred, e.g. user1 / pass1

todeb avatar May 27 '22 00:05 todeb

Currently the LDAP integration enables authentication into pgAdmin via LDAP only. This means when using LDAP in the example you provided, the DB connection as user1 within pgAdmin will need to be manually configured.

In the future we look to expand this integration to greater facilitate database connection for LDAP users, but for now that capability is only available when using "internal" authentication with pgAdmin.

andrewlecuyer avatar May 27 '22 00:05 andrewlecuyer

Also, please note that you can configure PostgreSQL to authenticate via LDAP as well (configured separately from LDAP for pgAdmin 4).

This would allow you to authenticate into both PostgreSQL and pgAdmin using the same credentials.

andrewlecuyer avatar May 27 '22 00:05 andrewlecuyer
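
As an added example (not from the thread and not PGO's own code), here is a small Python check for the separately configured PostgreSQL-side LDAP authentication mentioned in the last comment: it audits `pg_hba.conf` LDAP rules for the two network legs the password travels over. The sample rules, hostnames and DNs are constructed placeholders; PostgreSQL uses LDAP only to verify the password, so the role (e.g. `user1`) must still exist in the database.

```python
import shlex

# Constructed pg_hba.conf content; hostnames and DNs are placeholders.
SAMPLE_PG_HBA = """\
# weak: plain "host" and no TLS towards the directory
host    all all 10.0.0.0/8 ldap ldapserver=ldap.example.com ldapbasedn="dc=example,dc=com" ldapsearchattribute=uid
# hardened: TLS on both legs
hostssl all all 10.0.0.0/8 ldap ldapserver=ldap.example.com ldapbasedn="dc=example,dc=com" ldapsearchattribute=uid ldaptls=1
# unrelated rule, ignored by the audit
hostssl all all 10.0.0.0/8 scram-sha-256
"""

SIMPLE_BIND = {"ldapprefix", "ldapsuffix"}
SEARCH_BIND = {"ldapbasedn", "ldapbinddn", "ldapbindpasswd",
               "ldapsearchattribute", "ldapsearchfilter"}


def audit_ldap_rules(pg_hba_text):
    """Return (line_number, finding) pairs for LDAP rules in pg_hba.conf text."""
    findings = []
    for lineno, raw in enumerate(pg_hba_text.splitlines(), start=1):
        fields = shlex.split(raw, comments=True)  # handles "quoted values" and '#'
        if "ldap" not in fields[3:]:
            continue
        opts = dict(f.split("=", 1) for f in fields[fields.index("ldap", 3) + 1:] if "=" in f)
        # Leg 1: the client sends its LDAP password to PostgreSQL in clear text.
        if fields[0] in ("host", "hostnossl"):
            findings.append((lineno, "client-to-PostgreSQL leg not forced to TLS; use hostssl"))
        # Leg 2: PostgreSQL forwards that password to the directory server.
        encrypted = (opts.get("ldaptls") == "1"
                     or opts.get("ldapscheme") == "ldaps"
                     or opts.get("ldapurl", "").startswith("ldaps://"))
        if not encrypted:
            findings.append((lineno, "PostgreSQL-to-LDAP leg unencrypted; set ldaptls=1 or ldapscheme=ldaps"))
        # PostgreSQL rejects rules that mix simple-bind and search+bind options.
        if opts.keys() & SIMPLE_BIND and opts.keys() & SEARCH_BIND:
            findings.append((lineno, "mixes simple-bind and search+bind options"))
    return findings


if __name__ == "__main__":
    for lineno, finding in audit_ldap_rules(SAMPLE_PG_HBA):
        print(f"line {lineno}: {finding}")
```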