Re: How to setup Active Directory users in Postgres 9.3.11

From: Wyatt Sanford <Wyatt(dot)Sanford(at)dor(dot)ms(dot)gov>
To: "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org>
Subject: Re: How to setup Active Directory users in Postgres 9.3.11
Date: 2016-03-11 21:32:33
Message-ID: BY2PR09MB099854FF34B593DD4DAF2654C1B50@BY2PR09MB0998.namprd09.prod.outlook.com
Lists: pgsql-general

Hello Giuseppe,

Thank you for your reply. After obtaining more information from our network personnel and a little trial and error, I was able to get the pg_hba.conf file edited correctly specifying ldap authentication against our Active Directory domain and users can now connect. Your second example was very close to what I needed.

Thank you,

Wyatt Sanford
Database Administrator
Mississippi Department of Revenue

-----Original Message-----
From: pgsql-general-owner(at)postgresql(dot)org [mailto:pgsql-general-owner(at)postgresql(dot)org] On Behalf Of Giuseppe Sacco
Sent: Thursday, March 10, 2016 5:20 AM
To: pgsql-general(at)postgresql(dot)org
Subject: Re: [GENERAL] How to setup Active Directory users in Postgres 9.3.11

Hello Wyatt,

On Wed, 09/03/2016 at 14.35 +0000, Wyatt Sanford wrote:
> I have recently been tasked with installing Postgres 9.3.11 on a
> Windows 2012 R2 server on Active Directory and restoring backups from
> a Linux server running Postgres 9.3.11. I have all of the databases
> restored to the windows server and now I need to set up access for
> users on Active Directory. I’ve read a few things online, but did not
> find any good examples. I know that you have to add login roles
[...]
> ports. Can anyone give me some examples of the entries I need to add
> to the pg_hba.conf file or point me to some examples on the web.

I found the documentation on the web site quite good. These are two examples I use every day for authenticating postgres users to a remote AD:

host neos all 127.0.0.1/32 ldap ldapserver=ipaddress ldapbasedn="OU=xxx,DC=yyy,DC=local" ldapbinddn="CN=uuu,OU=xxx,DC=yyy,DC=local" ldapbindpasswd=password ldapsearchattribute=sAMAccountName
host neos all 10.42.112.0/24 ldap ldapserver=ipaddress ldapprefix="cn=" ldapsuffix=", ou=Users, ou=xxxx, dc=yyy, dc=local"

The first uses a special account for connecting and looking for sAMAccountName before checking credentials; the second one connects directly with the specified credentials.

Please note that, besides importing all databases, you should also import "globals", which contains all role definitions.

More info, for postgres 9.3, on the web site http://www.postgresql.org/docs/9.3/interactive/auth-methods.html#AUTH-LDAP

More info about moving globals
http://www.postgresql.org/docs/9.3/static/app-pg-dumpall.html

Please note that PostgreSQL connects to AD; it is not the other way around.

Bye,
Giuseppe


DISCLAIMER : This e-mail transmission is intended for the use of the individual or entity addressed and may contain protected confidential information. If you are not the intended recipient or the employee or agent responsible for delivering the transmission to the intended recipient, any dissemination, forwarding, printing, distribution, copying or use of this transmission is strictly prohibited. If you have received this transmission in error, please notify the sender and delete this transmission.
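
Added example (not part of the original messages and not PostgreSQL project code): a small Python check over the two pg_hba.conf entries quoted above that separates search+bind from simple bind and flags the settings a reviewer would look at, namely no ldaptls=1, a bind password stored in the file, and a non-loopback "host" entry that also matches non-SSL client connections. The finding names, the SAMPLE text and its third (hardened) line are constructed for illustration, and shlex only approximates pg_hba.conf quoting.

```python
import shlex

SIMPLE_BIND = {"ldapprefix", "ldapsuffix"}
SEARCH_BIND = {"ldapbasedn", "ldapbinddn", "ldapbindpasswd", "ldapsearchattribute"}

# Constructed sample: the two entries from the message above plus a hardened variant.
SAMPLE = '''\
host neos all 127.0.0.1/32 ldap ldapserver=ipaddress ldapbasedn="OU=xxx,DC=yyy,DC=local" ldapbinddn="CN=uuu,OU=xxx,DC=yyy,DC=local" ldapbindpasswd=password ldapsearchattribute=sAMAccountName
host neos all 10.42.112.0/24 ldap ldapserver=ipaddress ldapprefix="cn=" ldapsuffix=", ou=Users, ou=xxxx, dc=yyy, dc=local"
hostssl neos all 10.42.112.0/24 ldap ldapserver=ipaddress ldaptls=1 ldapprefix="cn=" ldapsuffix=", ou=Users, ou=xxxx, dc=yyy, dc=local"
'''

def parse_ldap_line(line):
    """Return (conn_type, address, options) for an ldap entry, else None."""
    tokens = shlex.split(line, comments=True)  # approximation of pg_hba.conf quoting
    if "ldap" not in tokens[3:]:
        return None
    method_at = tokens.index("ldap", 3)
    address = tokens[3] if method_at > 3 else ""  # "local" entries have no address
    opts = dict(t.split("=", 1) for t in tokens[method_at + 1:] if "=" in t)
    return tokens[0], address, opts

def audit(line):
    """Return a list of finding names (hypothetical labels) for one line."""
    parsed = parse_ldap_line(line)
    if parsed is None:
        return []
    conn_type, address, opts = parsed
    findings = []
    if SIMPLE_BIND & opts.keys() and SEARCH_BIND & opts.keys():
        findings.append("mixed-bind-modes")  # PostgreSQL rejects mixing the two modes
    if opts.get("ldaptls") != "1":
        findings.append("no-ldaptls")  # PostgreSQL-to-directory bind is not under TLS
    if "ldapbindpasswd" in opts:
        findings.append("bind-password-in-file")  # restrict read access to pg_hba.conf
    if conn_type == "host" and not address.startswith(("127.", "::1")):
        findings.append("client-leg-may-be-cleartext")  # "host" also matches non-SSL
    return findings

def audit_file(text):
    """Map 1-based line number to findings for every ldap entry in text."""
    return {n: audit(l) for n, l in enumerate(text.splitlines(), 1)
            if parse_ldap_line(l)}

if __name__ == "__main__":
    for lineno, found in audit_file(SAMPLE).items():
        print(lineno, found or "ok")
```
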
