From: | "Anjul Tyagi" <anjul(at)ibosstech-us(dot)com> |
---|---|
To: | "Laurenz Albe" <laurenz(dot)albe(at)cybertec(dot)at>, pgsql-admin <pgsql-admin(at)postgresql(dot)org> |
Subject: | Re: LDAP Configuration |
Date: | 2020-04-01 11:49:47 |
Message-ID: | em0e2934f7-678a-4373-b924-6ebb41e70abe@iboss01108 |
Lists: | pgsql-admin |
Thanks Laurenz Albe!!!
I did the same and it worked for me...
Regards,
Anjul TYAGI
Go Green
------ Original Message ------
From: "Laurenz Albe" <laurenz(dot)albe(at)cybertec(dot)at>
To: "Anjul Tyagi" <anjul(at)ibosstech-us(dot)com>; "pgsql-admin"
<pgsql-admin(at)postgresql(dot)org>
Sent: 4/1/2020 5:03:04 PM
Subject: Re: LDAP Configuration
>On Wed, 2020-04-01 at 10:29 +0000, Anjul Tyagi wrote:
>> We are implementing the LDAP authentication, and we are able to connect to LDAP and
>> authenticate the user with it. However, we have 2 types of users: first, corporate users,
>> available in Active Directory, and second, application users, which are used by different
>> applications to connect to the database.
>>
>> Below is the entry I made in the pg_hba.conf file. If I create a user in the DB (a similar one exists in AD), it works.
>> However, if I create a user with a password, it calls the LDAP server for authentication
>> and fails, as the user does not exist in AD.
>>
>> host all all 0.0.0.0/0 ldap ldapserver=<LDAL Server> ldapbasedn="OU=Corporate,DC=etch,dc=com" ldapbinddn="CN=AdSyncAcct,OU=Service Accounts,DC=etch,DC=com" ldapbindpasswd="Password" ldapsearchattribute="sAMAccountName"
>>
>> We are using the postgres 10.10 version.
>>
>> Can you please suggest the pg_hba.conf file entry that will help us to authenticate the users
>> from LDAP and from postgres as well?
>
>Create a NOLOGIN role "ldapusers" in PostgreSQL and assign the users to authenticate
>with LDAP to that group.
>
>Then use two lines in pg_hba.conf:
>
>host all +ldapusers 0.0.0.0/0 ldap ...
>host all all 0.0.0.0/0 scram-sha-256
>
>All users in the "ldapusers" group will be authenticated with LDAP,
>and the others will "fall through" to the password authentication.
>
>Yours,
>Laurenz Albe
>--
>Cybertec | https://www.cybertec-postgresql.com
>
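
The record matching behind the two pg_hba.conf lines suggested above, as an added example that is not part of the original thread: a simplified model of the first-match rule, including indirect group membership and the effect of reversing the two lines. The role names, the membership table and the helper functions are constructed for illustration, and the LDAP options are omitted.

```python
import ipaddress

# Constructed role catalogue (hypothetical names): role -> roles it is a direct member of.
MEMBERSHIPS = {
    "jdoe": {"corp_staff"},       # corporate user, indirect member of ldapusers
    "corp_staff": {"ldapusers"},
    "app_orders": set(),          # application account with a local password
}

def is_member(role, group, memberships):
    """True if role is a direct or indirect member of group."""
    seen, stack = set(), [role]
    while stack:
        current = stack.pop()
        for parent in memberships.get(current, ()):
            if parent == group:
                return True
            if parent not in seen:
                seen.add(parent)
                stack.append(parent)
    return False

def parse_hba(text):
    """Parse 'host' records into (database, user, network, method) tuples."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 5 and fields[0] == "host":
            rules.append((fields[1], fields[2], ipaddress.ip_network(fields[3]), fields[4]))
    return rules

def auth_method(rules, database, user, client_ip, memberships=MEMBERSHIPS):
    """Return the method of the first matching record; later records are never tried."""
    addr = ipaddress.ip_address(client_ip)
    for db, usr, net, method in rules:
        db_ok = db in ("all", database)
        if usr.startswith("+"):
            user_ok = is_member(user, usr[1:], memberships)
        else:
            user_ok = usr in ("all", user)
        if db_ok and user_ok and addr in net:
            return method
    return None  # no record matches: the server rejects the connection

# The two lines from the reply (LDAP options omitted), then the same lines reversed.
SUGGESTED = parse_hba("""
host all +ldapusers 0.0.0.0/0 ldap
host all all        0.0.0.0/0 scram-sha-256
""")
REVERSED = list(reversed(SUGGESTED))
```

Because only the first matching record is used, a member of ldapusers whose LDAP bind fails is rejected rather than retried against the scram-sha-256 line, and placing the `all` line first would send every user to password authentication.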