| From: | Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at> |
|---|---|
| To: | Häfliger Guido *EXTERN* <guido(dot)haefliger(at)vogelwarte(dot)ch>, "pgsql-admin(at)postgresql(dot)org" <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Re: pg_service and ldap |
| Date: | 2015-11-26 20:07:04 |
| Message-ID: | A737B7A37273E048B164557ADEF4A58B50FEB967@ntex2010i.host.magwien.gv.at |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Häfliger Guido wrote:
> I would like to configure pg_service.conf with an ldap-url so that pg_service takes the login
> informations from a Windows Domain Server (windows-client is connected to the domain).
> The database is running on a linux server where pam-authentification is configured.
> I want omit that the user have to login another time when he connect to the database.
> Is this possible? If yes, can somebody give me a hint how to set the ldap-url?
pg_service.conf cannot help you with authentication, it helps you to map a
symbolic database name to the actual connection parameters.
The only difference when you use an LDAP URL is that the connection data are
not stored locally on the client, but on an LDAP server.
You could theoretically store the clear text password on the LDAP server and
use it for authentiction, but that would be a very bad idea since the LDAP server
must be configured for anonymous bind.
Think of it as a kind of public phone book.
If you want single sign-on on Windows, you should look into SSPI authentication:
http://www.postgresql.org/docs/9.4/static/auth-methods.html#SSPI-AUTH
Yours,
Laurenz Albe
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Achilleas Mantzios | 2015-11-27 09:49:18 | Lotus Notes FDW? |
| Previous Message | Häfliger Guido | 2015-11-26 18:56:56 | pg_service and ldap |