Étienne BERSAC

Handling referrals requires multiple binds to each server. I could design a first implementation that only accepts multiple LDAP connexions sharing same binddn/password or SASL user/password. I need to check...

Referrals is mentionned in python-ldap FAQ. https://www.python-ldap.org/en/python-ldap-3.4.0/faq.html?highlight=referrals#usage With REFERRALS=yes, libldap chase referrals using anonymous binding. This not what you want. Which SASL method do you use ? GSSAPI should best...

> > Which SASL method do you use ? > > I don't use a specific SASL method by choice (keep in mind I'm a database expert, not an LDAP...

Hi @arjan-saly-tfs , Yes, ldap2pg can create static roles and configure them just like roles created from LDAP searches. Just skip the `ldapsearch` stanza: ``` yaml sync_map: - description: "Static...

Hi @arjan-saly-tfs that's the purpose of using LDAP for authentication. You have to configure pg_hba.conf for these roles. ldap2pg does not manage passwords.

Hi @arjan-saly-tfs yes. static roles in ldap2pg are usualy groups.

Hi @patcamen . Interesting. I'm willing to make ldap2pg a good citizen with splunk and other auditing tools. Can you forge some sample of log lines you expect ? For...

Hi @guruguruguru, These warnings tells you that theses roles should be returned by `managed_roles_query` but aren't. ldap2pg warns you because these roles won't be dropped by ldap2pg if they are...

Ok. ldap2pg has somewhat reversed the direction of roles memberships. ldap2pg manages children of roles while Postgres manages parents. This leads to some harder to understand situation. It's documented here...

Actually, we already had this discussion in #315 :-)