From: | Stephen Frost <sfrost(at)snowman(dot)net> |
---|---|
To: | Gregory Nicol <Gregory(dot)Nicol(at)Medbank(dot)com(dot)mt> |
Cc: | "'pgsql-general(at)postgresql(dot)org'" <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: LDAP authentication without OU in ldapbasedn |
Date: | 2017-07-13 22:56:20 |
Message-ID: | 20170713225620.GL1769@tamriel.snowman.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Greetings,
* Gregory Nicol (Gregory(dot)Nicol(at)Medbank(dot)com(dot)mt) wrote:
> I can't seem to get LDAP Authentication working without an OU in the ldapbasedn. My users are spread across multiple OUs without a common root OU which is why I'm trying to authenticate with just the DC.
As it looks like you're working in a Microsoft Windows AD environment,
I'd strongly suggest you consider using Kerberos/GSS authentication
instead of LDAP. With LDAP, the user has to constantly re-type their
password and the password is sent to the PostgreSQL server. Neither of
these are ideal and both are avoided by simply using Kerberos, which is
what AD uses.
Authentication using LDAP really shouldn't ever be done in an
environment which has Active Directory.
Thanks!
Stephen
From | Date | Subject | |
---|---|---|---|
Next Message | ProPAAS DBA | 2017-07-14 00:32:47 | Event Trigger question |
Previous Message | Stephen Frost | 2017-07-13 22:53:41 | Re: Associating a basebackup and it's .backup WAL file |