Re: LDAP Configuration

From: "Anjul Tyagi" <anjul(at)ibosstech-us(dot)com>
To: "Laurenz Albe" <laurenz(dot)albe(at)cybertec(dot)at>, pgsql-admin <pgsql-admin(at)postgresql(dot)org>
Subject: Re: LDAP Configuration
Date: 2020-04-01 11:49:47
Message-ID: em0e2934f7-678a-4373-b924-6ebb41e70abe@iboss01108
Lists: pgsql-admin

Thanks Laurenz Albe!!!

I did the same and it worked for me...

Regards,

Anjul TYAGI

Go Green

------ Original Message ------
From: "Laurenz Albe" <laurenz(dot)albe(at)cybertec(dot)at>
To: "Anjul Tyagi" <anjul(at)ibosstech-us(dot)com>; "pgsql-admin"
<pgsql-admin(at)postgresql(dot)org>
Sent: 4/1/2020 5:03:04 PM
Subject: Re: LDAP Configuration

>On Wed, 2020-04-01 at 10:29 +0000, Anjul Tyagi wrote:
>> We are implementing LDAP authentication, and we are able to connect to LDAP and
>> authenticate users with it. However, we have 2 types of users: first, corporate users, who are
>> available in Active Directory, and second, application users, which are used by different
>> applications to connect to the database.
>>
>> Below is the entry I made in the pg_hba.conf file. If I create a user in the DB (a similar one exists in AD), it works.
>> However, if I create a user with a password, it calls the LDAP server for authentication
>> and fails, as the user does not exist in AD.
>>
>> host all all 0.0.0.0/0 ldap ldapserver=<LDAL Server> ldapbasedn="OU=Corporate,DC=etch,dc=com" ldapbinddn="CN=AdSyncAcct,OU=Service Accounts,DC=etch,DC=com"
>> ldapbindpasswd="Password" ldapsearchattribute="sAMAccountName"
>>
>> We are using Postgres version 10.10.
>>
>> Can you please suggest a pg_hba.conf entry that will help us authenticate users
>> from LDAP and from Postgres as well?
>
>Create a NOLOGIN role "ldapusers" in PostgreSQL and assign the users to authenticate
>with LDAP to that group.
>
>Then use two lines in pg_hba.conf:
>
>host all +ldapusers 0.0.0.0/0 ldap ...
>host all all 0.0.0.0/0 scram-sha-256
>
>All users in the "ldapusers" group will be authenticated with LDAP,
>and the others will "fall through" to the password authentication.
>
>Yours,
>Laurenz Albe
>--
>Cybertec | https://www.cybertec-postgresql.com
>
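
The rule selection described in the reply above, as an added example that is not part of the original thread: a simplified Python model of how the two pg_hba.conf lines pick an authentication method per role. Role names, memberships and client addresses are constructed; only `host` lines with `all`, plain names and `+group` entries are modelled.

```python
import ipaddress

# Constructed sample data (assumptions, not from the thread): memberships as
# they would exist after e.g.
#   CREATE ROLE ldapusers NOLOGIN;  GRANT ldapusers TO corp_staff;
MEMBER_OF = {
    "alice": {"corp_staff"},       # corporate user, indirect member of ldapusers
    "corp_staff": {"ldapusers"},
    "app_billing": set(),          # application account with a local password
}

# The two rules from the reply; the LDAP options stay elided as in the original.
PG_HBA = """
host all +ldapusers 0.0.0.0/0 ldap
host all all        0.0.0.0/0 scram-sha-256
"""

def is_member(role, group):
    """True if role is the group itself or a direct/indirect member of it."""
    seen, todo = set(), [role]
    while todo:
        r = todo.pop()
        if r == group:
            return True
        if r not in seen:
            seen.add(r)
            todo.extend(MEMBER_OF.get(r, ()))
    return False

def user_matches(field, role):
    """Match the user column: 'all', an exact role name, or '+group'."""
    for item in field.split(","):
        if item in ("all", role):
            return True
        if item.startswith("+") and is_member(role, item[1:]):
            return True
    return False

def auth_method(role, database, client_ip):
    """Return the method of the FIRST matching host line, or None (rejected)."""
    addr = ipaddress.ip_address(client_ip)
    for line in PG_HBA.strip().splitlines():
        conn, dbs, users, cidr, method = line.split()[:5]
        db_ok = dbs == "all" or database in dbs.split(",")
        if conn == "host" and db_ok and user_matches(users, role) \
                and addr in ipaddress.ip_network(cidr):
            return method
    return None
```

PostgreSQL uses only the first matching line and does not try later lines when authentication against it fails, so a member of `ldapusers` cannot fall back to a local password. The `0.0.0.0/0` mask covers IPv4 clients only, which is why the IPv6 address in the model matches no line.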
