Sync docs from Discourse

Author: github-actions[bot]

docs/how-to/h-enable-ldap.md

@@ -0,0 +1,127 @@
+[note]
+**Note**: All commands are written for `juju >= v.3.0`
+
+If you are using an earlier version, check the [Juju 3.0 Release Notes](https://juju.is/docs/juju/roadmap#heading--juju-3-0-0---22-oct-2022).
+[/note]
+
+[note]
+LDAP is available on channels: `14/edge` and `16/edge`, from revision `600`.
+[/note]
+
+
+# How to enable LDAP authentication
+
+LDAP (*Lightweight Directory Access Protocol*) enables centralized authentication for PostgreSQL clusters, reducing the overhead of managing local credentials and access policies.
+
+This guide goes over the steps to integrate LDAP as an authentication method with the PostgreSQL charm, all within the Juju ecosystem.
+
+## Deploy an LDAP server in a K8s environment
+
+[note type="caution"]
+**Disclaimer:** In this guide, we use [self-signed certificates](https://en.wikipedia.org/wiki/Self-signed_certificate) provided by the [`self-signed-certificates` operator](https://github.com/canonical/self-signed-certificates-operator). 
+
+**This is not recommended for a production environment.**
+
+For production environments, check the collection of [Charmhub operators](https://charmhub.io/?q=tls-certificates) that implement the `tls-certificate` interface, and choose the most suitable for your use-case.
+[/note]
+
+Switch to the Kubernetes controller:
+
+```shell
+juju switch <k8s_controller>
+```
+
+Deploy the [GLAuth charm](https://charmhub.io/glauth-k8s):
+```shell
+juju add-model glauth
+juju deploy self-signed-certificates
+juju deploy postgresql-k8s --channel 14/stable --trust
+juju deploy glauth-k8s --channel edge --trust
+```
+
+Integrate (formerly known as "relate") the three applications:
+```shell
+juju integrate glauth-k8s self-signed-certificates
+juju integrate glauth-k8s postgresql-k8s
+```
+
+Deploy the [GLAuth-utils charm](https://charmhub.io/glauth-utils), in order to manage LDAP users:
+
+```shell
+juju deploy glauth-utils --channel edge --trust
+```
+
+Integrate (formerly known as "relate") the two applications:
+
+```shell
+juju integrate glauth-k8s glauth-utils
+```
+
+## Expose cross-controller URLs
+
+Enable the required micro-k8s plugin:
+
+```shell
+IPADDR=$(ip -4 -j route get 2.2.2.2 | jq -r '.[] | .prefsrc')
+sudo microk8s enable metallb $IPADDR-$IPADDR
+```
+
+Deploy the [Traefik charm](https://charmhub.io/traefik-k8s), in order to expose endpoints from the K8s cluster:
+
+```shell
+juju deploy traefik-k8s --trust
+```
+
+Integrate (formerly known as "relate") the two applications:
+
+```shell
+juju integrate traefik-k8s glauth-k8s:ingress
+```
+
+## Expose cross-model relations
+
+To offer the GLAuth interfaces, run:
+
+```shell
+juju offer glauth-k8s:ldap ldap
+juju offer glauth-k8s:send-ca-cert send-ca-cert
+```
+
+## Enable LDAP
+
+Switch to the VM controller:
+
+```shell
+juju switch <lxd_controller>:postgresql
+```
+
+To have LDAP offers consumed:
+
+```shell
+juju consume <k8s_controller>:admin/glauth.ldap
+juju consume <k8s_controller>:admin/glauth.send-ca-cert
+```
+
+To have LDAP authentication enabled, integrate the PostgreSQL charm with the GLAuth charm:
+
+```shell
+juju integrate postgresql:ldap ldap
+juju integrate postgresql:receive-ca-cert send-ca-cert
+```
+
+## Map LDAP users to PostgreSQL
+
+To have LDAP users available in PostgreSQL, provide a comma separated list of LDAP groups to already created PostgreSQL authorization groups. To create those groups before hand, refer to the Data Integrator charm [page](https://charmhub.io/data-integrator).
+
+```shell
+juju config postgresql ldap_map="<ldap_group>=<psql_group>"
+```
+
+## Disable LDAP
+
+You can disable LDAP removing the following relations:
+
+```shell
+juju remove-relation postgresql.receive-ca-cert send-ca-cert
+juju remove-relation postgresql.ldap ldap
+```

docs/overview.md

@@ -65,6 +65,7 @@ PostgreSQL is a trademark or registered trademark of PostgreSQL Global Developme
 | 2 | h-external-access | [External network access](/t/15802) |
 | 2 | h-scale | [Scale replicas](/t/9689) |
 | 2 | h-enable-tls | [Enable TLS](/t/9685) |
+| 2 | h-enable-ldap | [Enable LDAP](/t/17361) |
 | 2 | h-enable-plugins-extensions | [Enable plugins/extensions](/t/10906) |
 | 2 | h-backup | [Back up and restore]() |
 | 3 | h-configure-s3-aws | [Configure S3 AWS](/t/9681) |
@@ -91,11 +92,13 @@ PostgreSQL is a trademark or registered trademark of PostgreSQL Global Developme
 | 3 | h-migrate-backup-restore | [Migrate data via backup/restore](/t/12164) |
 | 1 | reference | [Reference](/t/13976) |
 | 2 | r-releases | [Releases](/t/11875) |
+| 2 | r-channels | [Channels](/t/17405) |
 | 2 | r-system-requirements | [System requirements](/t/11743) |
 | 2 | r-software-testing | [Software testing](/t/11773) |
 | 2 | r-performance | [Performance and resources](/t/11974) |
 | 2 | r-troubleshooting | [Troubleshooting](/t/11864) |
 | 3 | r-sos-report | [SOS report](/t/17228) |
+| 3 | r-cli-helpers | [CLI helpers](/t/17406) |
 | 2 | r-plugins-extensions | [Plugins/extensions](/t/10946) |
 | 2 | r-alert-rules | [Alert rules](/t/15841) |
 | 2 | r-statuses | [Statuses](/t/10844) |

docs/reference/r-channels.md

@@ -0,0 +1,87 @@
+# PostgreSQL major versions
+
+Charmed PostgreSQL is shipped in following [tracks](https://documentation.ubuntu.com/juju/3.6/reference/charm/#track): 
+
+* [PostgreSQL 16](https://charmhub.io/postgresql?channel=16/beta) (channel `16/candidate`)
+* [PostgreSQL 14](https://charmhub.io/postgresql?channel=14/stable) (channel `14/stable`)
+* [Legacy PostgreSQL charm](https://charmhub.io/postgresql?channel=latest/stable) (channel `latest/stable`) -> **deprecated**
+
+This includes two major PostgreSQL versions,  `14` and `16`, matching [Ubuntu versioning](https://packages.ubuntu.com/postgresql) for PostgreSQL.
+
+## PostgreSQL 16
+
+PostgreSQL 16 is shipped in track `16` and is available for testing in the channel `16/candidate`.
+
+**Base:** Noble (Ubuntu 24.04)
+
+**Supported architectures:** `arm64` and `amd64`.
+
+### Supported features
+
+* [LDAP integration](/t/17361) (also supported by PostgreSQL `14`)
+* [SoS report integration](/t/17228) (also supported by PostgreSQL `14`)
+* Recovery improvements (also supported by PostgreSQL `14`)
+  * All members are sync nodes now
+  * Switchover the Primary unit via `promote-to-primary scope=unit`
+  * Raft re-init helper: `promote-to-primary scope=unit force=yes`
+* Juju user secrets for system password rotation
+* Timescale Community Edition
+* Extended [COS integration](/t/10600)
+  * [Profiling via Parca](/t/17172)
+  * [Tracing via Tempo](/t/14521)
+* Improved [security hardening](/t/16852)
+* (WIP) Multiple Juju storages support
+* (WIP) Juju Spaces
+* (WIP) Refresh v3 lib support <!--VM only-->
+* (WIP) Improved built-in roles 
+
+<!--
+Saving the following items for release notes:
+* PgBouncer and Data Integrator@24.04 
+* [Released slim PostgreSQL SNAP](https://snapcraft.io/postgresql)
+-->
+
+See the detailed features list on [the release notes](/t/11875) page.
+
+### Deprecated
+* Legacy interface `psql` (endpoints `db` and `db-admin`).
+  * See more about supported interfaces in [Interfaces and endpoints](/t/10251).
+* Support for Juju < `v3.6`
+  * Charmed PostgreSQL 16 requires Juju `3.6+ LTS` due to [Juju secrets](https://documentation.ubuntu.com/juju/3.6/reference/secret/index.html) support. 
+* Juju actions `get-password` and `set-password`.
+  * For security reasons, these actions are replaced by [Juju secrets](https://documentation.ubuntu.com/juju/3.6/reference/secret/index.html).
+* [Timescape Apache 2 edition](https://docs.timescale.com/about/latest/timescaledb-editions/) has been replaced by [Timescape Community edition](https://docs.timescale.com/about/latest/timescaledb-editions/) 
+
+
+## PostgreSQL 14
+
+PostgreSQL 14 is shipped in track `14` and available for production in the channel `14/stable`. 
+
+**Base:** Jammy (Ubuntu 22.04)
+
+**Supported architectures:** `arm64` and `amd64`.
+
+### Supported features
+
+* [Deployment](/t/16811) on multiple cloud services
+* [Backup and restore](/t/9683)
+  * Including point-in-time recovery (PITR)
+* [COS integration](/t/10600)
+* [TLS integration](/t/9685)
+* [LDAP integration](/t/17361)
+* [`arm64` architecture](/t/11743)
+
+See the detailed features list on [the release notes](/t/11875) page.
+
+### Deprecated
+
+* Features that are new to Charmed PostgreSQL `16` are not backwards compatible with `14`
+* Charmed PostgreSQL 14 ships [Timescape Apache 2 edition](https://docs.timescale.com/about/latest/timescaledb-editions/) only.
+
+## Legacy PostgreSQL charm
+
+The legacy charm in the track `latest`  has been deprecated and is **not supported.** It is still available here for the historical and comparative reasons only. 
+
+Please use the supported tracks of the modern charm: `14/` and `16/`.
+
+Learn more in the [legacy charm explanation page](/t/10690).