Dear Admin's,
I think it's the similar issue mentioned in the Link, is there a way that all users can be authenticated by just putting the last part of the suffix or something ?
I am not a postgres expert and struggling with postgres AD authentication on my windows server. Any help will be highly appreciated.
My users spread across different AD Organization Units
If I put pg_hba entry like below , it will search for all users in the first container and stop the search there.All users in the first container will be authenticated and can access the db.
I think that the expected behavior since i put "all" for users
host all all all ldap ldapserver=adserver1.mycomp.com ldapprefix="cn=" ldapsuffix=",OU=appusers,DC=mycomp,DC=com"host all all all ldap ldapserver=adserver1.mycomp.com ldapprefix="cn=" ldapsuffix=",OU=dbusers,OU=Users,OU=mycomp,DC=mycomp,DC=com"host all all all ldap ldapserver=adserver1.mycomp.com ldapprefix="cn=" ldapsuffix=",OU=testers,OU=mycomp,DC=mycomp,DC=com"
If i put it like below it will search in all OU's and the authentication works fine for all users in all OU's, but i have to find the users under each OU and create separate files with those user names in it.
host all @LDAP.OU.APPUSERScontainerallusr.txt all ldap ldapserver=adserver1.mycomp.com ldapprefix="cn=" ldapsuffix=",OU=appusers,DC=mycomp,DC=com"host all @LDAP.OU.DBUSERScontainerallusr.txt all ldap ldapserver=adserver1.mycomp.com ldapprefix="cn=" ldapsuffix=",OU=dbusers,OU=Users,OU=mycomp,DC=mycomp,DC=com"host all @LDAP.OU.TESTERScontainerallusr.txt all ldap ldapserver=adserver1.mycomp.com ldapprefix="cn=" ldapsuffix=",OU=testers,OU=mycomp,DC=mycomp,DC=com"
Thanks in Advance
Sri
