Pardon me if this solution is silly, but it seems to me that in openacs we require the database user (aolserver) to have database superuser privileges (after all, the user must be able to create another user and a database). So... why not confer aolserver the superuser identity, without actually creating a new database user or dumping/restoring the existing database, by using the "peer" authentication model? That is, in pg_hba.conf have
localhost all peer openacs
and in pg_ident.conf,
openacs aolserver postgres
where "aolserver" is the owner of the aolserver process, and "postgres" is the database superuser? Whoever owns the database that contains the data will now be accessed by "aolserver" as the "postgres" superuser, which should give all access.
Don, am I totally off here?