Greetings,
* Bernd Lentes (bernd(dot)lentes(at)helmholtz-muenchen(dot)de) wrote:
> i'm trying to use LDAP to authenticate Postgres against a Windows AD. On elder versions it succeeded.
You really shouldn't use the 'ldap' auth method in PostgreSQL as it
involves passing around a cleartext password to work.
With Windows AD, you can use Kerberos which is what all of the Microsoft
applications use for authentication too, avoids users having to ever
enter in their password, avoids having users end up saving their domain
password into cliet tools like pgAdmin, and is just overall far, far,
better and much more secure.
Note that in PostgreSQL, the Kerberos auth method is 'gssapi'.
Thanks,
Stephen