Re: LDAP Configuration

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2020-04-01 at 10:29 +0000, Anjul Tyagi wrote:
> we are implementing the LDAP authentication and we are able to connect with LDAP and able to
> authenticate the user with that. However we have 2 type of users, one - corporate users and
> available of Active Directory and second application user, which is used by different
> application to connect with database. 
> 
> Below entry i did in the pg_hba.conf file, if i create user in DB (similar exist on AD) it works.
> However if i create one user with password, it calls the LDAP server for authentication
> and fails as it does not exists in AD. 
> 
> host    all             all       0.0.0.0/0            ldap ldapserver=<LDAL Server> ldapbasedn="OU=Corporate,DC=etch,dc=com" ldapbinddn="CN=AdSyncAcct,OU=Service Accounts,DC=etch,DC=com"
> ldapbindpasswd="Password" ldapsearchattribute="sAMAccountName"
> 
> we are using the postgres 10.10 version. 
> 
> can you please suggest the pg_hba.conf file entry, that will help us to authenticate the users
> from LDAP and from postgres as well. 

Create a NOLOGIN role "ldapusers" in PostgreSQL and assign the users to authenticate
with LDAP to that group.

Then use two lines in pg_hba.conf:

host  all  +ldapusers 0.0.0.0/0  ldap ...
host  all  all        0.0.0.0/0  scram-sha-256

All users in the "ldapusers" group will be authenticated with LDAP,
and the others will "fall through" to the password authentication.

Yours,
Laurenz Albe
-- 
Cybertec | https://www.cybertec-postgresql.com






[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux