Greetings, * Lentes, Bernd (bernd.lentes@xxxxxxxxxxxxxxxxxxxxx) wrote: > i created a Postgres Server 9.6 on a SLES 12 SP3 box. In our institution we have a Windows ADS which i like to use to authenticate users via LDAP. For running PostgreSQL in a Windows ADS environment, you should really be using GSSAPI / Kerberos and *not* using LDAP authentication. GSSAPI / Kerberos is what Windows uses to authenticate users and services and it's much more secure than using LDAP. > Is it possible to use both concurrently ? Some users autheticate via LDAP, others local. As Tom mentioned, you can have two pg_hba.conf entries. For what you're doing, it seems like maybe you would have a 'local user' group which comes first in pg_hba.conf and is a role that all local users are a member of, and then you could have a second entry that is 'all' users, so you don't have to have every user in the active directory environment in a group in the database. Thanks! Stephen
Attachment:
signature.asc
Description: PGP signature
