Thanks Laurenz Albe!!!
I did the same and it worked for me...
Regards,
Anjul TYAGI
ü Go Green
------ Original Message ------
From: "Laurenz Albe" <laurenz.albe@xxxxxxxxxxx>
To: "Anjul Tyagi" <anjul@xxxxxxxxxxxxxxxx>; "pgsql-admin" <pgsql-admin@xxxxxxxxxxxxxx>
Sent: 4/1/2020 5:03:04 PM
Subject: Re: LDAP Configuration
On Wed, 2020-04-01 at 10:29 +0000, Anjul Tyagi wrote:we are implementing the LDAP authentication and we are able to connect with LDAP and able toauthenticate the user with that. However we have 2 type of users, one - corporate users andavailable of Active Directory and second application user, which is used by differentapplication to connect with database.Below entry i did in the pg_hba.conf file, if i create user in DB (similar exist on AD) it works.However if i create one user with password, it calls the LDAP server for authenticationand fails as it does not exists in AD.host all all 0.0.0.0/0 ldap ldapserver=<LDAL Server> ldapbasedn="OU=Corporate,DC=etch,dc=com" ldapbinddn="CN=AdSyncAcct,OU=Service Accounts,DC=etch,DC=com"ldapbindpasswd="Password" ldapsearchattribute="sAMAccountName"we are using the postgres 10.10 version.can you please suggest the pg_hba.conf file entry, that will help us to authenticate the usersfrom LDAP and from postgres as well.Create a NOLOGIN role "ldapusers" in PostgreSQL and assign the users to authenticatewith LDAP to that group.Then use two lines in pg_hba.conf:host all +ldapusers 0.0.0.0/0 ldap ...host all all 0.0.0.0/0 scram-sha-256All users in the "ldapusers" group will be authenticated with LDAP,and the others will "fall through" to the password authentication.Yours,Laurenz Albe--Cybertec | https://www.cybertec-postgresql.com
