Users and privileges

By default, synchronizing LDAP users through the LDAP Link service automatically grants roles (derived from their LDAP groups) to the users.

LDAP link: user groups as default roles

By default, synchronizing LDAP users through the LDAP Link service automatically grants roles (derived from their LDAP groups) to the users. However, these are not default roles and therefore must be enabled manually with SET ROLE before they take effect.

The new LDAPLinkAddRolesAsDefault parameter (disabled by default) makes these roles default roles automatically:

=> ALTER DATABASE DEFAULT SET LDAPLinkAddRolesAsDefault = 1;

For details on this and other LDAP Link parameters, see LDAP link parameters.