RE: integrate Postgres Users Authentication with our own LDAP Server

We want to setup ldap authentication in pg_hba.conf, for Postgresql users(other than postgres super user).

We are getting issue with special characters by following steps given in postgres documentation.
It is not accepting any special characters as special characters are mandatory in our use case.

Can you please help us or have you any steps by which we can configure any postgres with LDAP?
-----Original Message-----
From: Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>
Sent: Thursday, May 9, 2019 12:12 PM
To: M Tarkeshwar Rao <m(dot)tarkeshwar(dot)rao(at)ericsson(dot)com>; pgsql-general <pgsql-general(at)lists(dot)postgresql(dot)org>; 'postgres-discuss(at)mailman(dot)lmera(dot)ericsson(dot)se' <postgres-discuss(at)mailman(dot)lmera(dot)ericsson(dot)se>; 'pgsql-general(at)postgresql(dot)org' <pgsql-general(at)postgresql(dot)org>; pgsql-performance(at)postgresql(dot)org; pgsql-hackers(at)postgresql(dot)org; 'pgsql-hackers-owner(at)postgresql(dot)org' <pgsql-hackers-owner(at)postgresql(dot)org>; Aashish Nagpaul <aashish(dot)nagpaul(at)ericsson(dot)com>
Subject: Re: integrate Postgres Users Authentication with our own LDAP Server

On Thu, 2019-05-09 at 04:51 +0000, M Tarkeshwar Rao wrote:
> We would need to integrate Postgres Users Authentication with our own LDAP Server.
>
> Basically as of now we are able to login to Postgress DB with a user/password credential.
>
> [roles "pg_signal_backend" and "postgres"]
>
> These user objects are the part of Postgres DB server. Now we want that these users should be authenticated by LDAP server.
> We would want the authentication to be done with LDAP, so basically
> the user credentials should be store in LDAP server
>
> Can you mention the prescribed steps in Postgres needed for this integration with LDAP Server?

LDAP authentication is well documented:
https://www.postgresql.org/docs/current/auth-ldap.html

But I don't think you are on the right track.

"pg_signal_backend" cannot login, it is a role to which you add a login user to give it certain privileges. So you don't need to authenticate the role.

"postgres" is the installation superuser. If security is important for you, you won't set a password for that user and you won't allow remote logins with that user.

But for your application users LDAP authentication is a fine thing, and not hard to set up if you know a little bit about LDAP.

Yours,
Laurenz Albe
--
Cybertec | https://protect2.fireeye.com/url?k=4f372c5d-13a52101-4f376cc6-0cc47ad93d46-aed009fdc0b3e18f&u=https://www.cybertec-postgresql.com/