Re: How to setup Active Directory users in Postgres 9.3.11

Hello Wyatt,

Il giorno mer, 09/03/2016 alle 14.35 +0000, Wyatt Sanford ha scritto:
> I have recently been tasked with installing Postgres 9.3.11 on a
> Windows 2012 R2 server on Active Directory and restoring backups from
> a Linux server running Postgres 9.3.11.  I have all of the databases
> restored to the windows server and now I need to set up access for
> users on Active Directory.  I’ve read a few things online, but did
> not find any good examples.  I know that you have to add login roles
[...]
> ports.  Can anyone give me some examples of the entries I need to add
> to the pg_hba.conf file or point me to some examples on the web.

I found the documentation on the web site quite good. These are two
examples I use every day for authenticating postgres users to a remote
AD:

host neos all 127.0.0.1/32  ldap ldapserver=ipaddress ldapbasedn="OU=xxx,DC=yyy,DC=local" ldapbinddn="CN=uuu,OU=xxx,DC=yyy,DC=local" ldapbindpasswd=password ldapsearchattribute=sAMAccountName
host neos all 10.42.112.0/24 ldap ldapserver=ipaddress ldapprefix="cn=" ldapsuffix=", ou=Users, ou=xxxx, dc=yyy, dc=local"

The first uses a special account for connecting and looking for
sAMAccountName before checking credentials, the second one connect
directly with specified credentials.

Please note, that beside importing all databases, you should also
import "globals" that contains all role definitions.

More info, for postgres 9.3, on the web site
http://www.postgresql.org/docs/9.3/interactive/auth-methods.html#AUTH-LDAP

More info about moving globals
http://www.postgresql.org/docs/9.3/static/app-pg-dumpall.html

Please note that postgresql connect to AD, it is not the other way
around.

Bye,
Giuseppe