| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Emile Amewoto <emileam(at)yahoo(dot)com> |
| Cc: | Roger Tannous <roger(dot)tannous(at)gmail(dot)com>, pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: LDAP Authentication |
| Date: | 2023-08-24 19:06:58 |
| Message-ID: | ZOeqUuGbYOyA7KCy@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Greetings,
* Emile Amewoto (emileam(at)yahoo(dot)com) wrote:
> Here is the high level process:
> 1- Create the user x without password in Postgres.
> 2- Assign role or roles to the user x
> 3- Update pg_hba.conf with the ldap connection link.
>
> You might need cert for the ldap to connect to AD, assuming you are using AD.
If you're using AD, you should *really* be using Kerberos/gssapi for
your authentication and *not* LDAP. LDAP is insecure as it involves
passing around the user's credentials which is extremely bad practice
and is strongly discouraged. LDAP auth also involves in-line round
trips to the LDAP server which can delay or even fail database
connections in the event that the LDAP server is even temporarily
unavailable.
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2023-08-24 19:08:44 | Re: Will PostgreSQL 16 supports native transparent data encryption ? |
| Previous Message | Tom Lane | 2023-08-24 19:02:29 | Re: Materialized view refreshing problem |