| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Sylvain Deveaux <Sylvain(dot)Deveaux(at)niwa(dot)co(dot)nz> |
| Cc: | "pgsql-admin(at)lists(dot)postgresql(dot)org" <pgsql-admin(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Ldap config for Active Directory |
| Date: | 2022-09-15 19:16:46 |
| Message-ID: | YyN6HuBhtzaObYLR@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Greetings,
* Sylvain Deveaux (Sylvain(dot)Deveaux(at)niwa(dot)co(dot)nz) wrote:
> We have to use LDAP in our AD environment, Users could use Kerberos but service accounts used by Apps can't.
Why do you say that you can't use kerberos w/ apps?
> host all +ldap_roles 192.168.0.0/16 ldap ldapurl="ldap://ldap.service:636/ou=AdminOU,dc=domain,dc=org?sAMAccountName?sub" ldapbinddn="cn=postgres_bind,ou=level1,ou=level2,dc=domain,dc=org" ldapbindpasswd="password"
Note that using ldap auth means sending the user's password to the PG
server in cleartext, which is extremely insecure and means that a
compromised PG server could be used to steal the credentials of any user
logging in using this method.
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Sylvain Deveaux | 2022-09-15 21:46:47 | Re: Ldap config for Active Directory |
| Previous Message | Laurenz Albe | 2022-09-15 08:18:33 | Re: Local parent table and Foreign table(s) as partition(s), is it possible? |