:elephant: :busts_in_silhouette: Manage PostgreSQL roles and privileges from YAML or LDAP
6.0 is a major release including a complete rewrite of ldap2pg in Go.
Please test carefully before upgrading a production system.

Breaking changes

- `LDAPUSER` env var is now `LDAPSASL_AUTHCID`.
- `owners_query` for a new dynamic owner inspection.
- `role_match` condition.
- `allowed_missing_attributes` and LDAP attribute typo detection.
- `on_unexpected_dn`. ldap2pg always warns and skips.
- `postgres:dsn`. Use PG* env vars.
- `ldap` dict. Use LDAP* env vars and ldaprc.

Unimplemented features may be reimplemented depending on feedback!
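
A pre-upgrade check for the settings in the breaking-changes list, as an added example that is not part of ldap2pg or its release notes: it scans a block-style YAML configuration and the environment for those names. The function name `audit`, the sample layout, and matching `postgres:dsn` and `ldap` by path from the document root are assumptions made for illustration.

```python
import re

# Key names come from the 6.0 "Breaking changes" list; notes paraphrase it.
ANYWHERE = {
    "owners_query": "see the new dynamic owner inspection",
    "role_match": "condition listed as a breaking change",
    "allowed_missing_attributes": "listed as a breaking change",
    "on_unexpected_dn": "ldap2pg always warns and skips",
}
# Assumption: these two are matched by full path from the document root.
BY_PATH = {("postgres", "dsn"): "use PG* env vars",
           ("ldap",): "use LDAP* env vars and ldaprc"}
KEY_RE = re.compile(r"^(\s*(?:-\s+)*)([A-Za-z_]\w*)\s*:(?:\s|$)")

def audit(config_text, env):
    """Return (line_no, name, note) for each pre-6.0 setting still in use."""
    findings = []
    if "LDAPUSER" in env:
        findings.append((0, "LDAPUSER", "env var is now LDAPSASL_AUTHCID"))
    stack = []  # (column, key) of the enclosing block-style mappings
    for no, line in enumerate(config_text.splitlines(), start=1):
        m = KEY_RE.match(line)
        if not m:
            continue  # comments, scalars and flow-style YAML are not inspected
        col, key = len(m.group(1)), m.group(2)
        while stack and stack[-1][0] >= col:
            stack.pop()  # leave mappings that ended at this indentation
        path = tuple(k for _, k in stack) + (key,)
        stack.append((col, key))
        note = ANYWHERE.get(key) or BY_PATH.get(path)
        if note:
            findings.append((no, ":".join(path), note))
    return findings

# Constructed pre-6.0 style sample, not taken from the ldap2pg documentation.
SAMPLE = """\
ldap:
  uri: ldaps://ldap.example.test
postgres:
  dsn: postgres://localhost/
  owners_query: SELECT 'postgres'
sync_map:
- ldapsearch:
    on_unexpected_dn: fail
"""

if __name__ == "__main__":
    for no, name, note in audit(SAMPLE, {"LDAPUSER": "cn=admin"}):
        print(f"line {no}: {name}: {note}")
```

Line number 0 marks a finding from the environment rather than the file.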

New features and behaviour

- `role:config` section to set per-role PostgreSQL parameters. For all databases only.
- `--skip-privilege` option. Ignore privileges and grant from configuration.
- `owner` field of `grant` rule, defaults to `__auto__`.
- `__auto__` owner value.
- `CREATE` privilege is synchronized.
  It's the set of all managed roles having `CREATE` privilege on the target schema of the grant.