Greetings, * Rocco Kreutz (r.kreutz@xxxxxxxxxxxxx) wrote: > It must be LDAP, because the users need to use a shortened diffrent login, > which is stored in ad You can map users using pg_ident.conf, there's no need to use LDAP to have a different login name in the database, and it's not secure to use LDAP. When LDAP is used, the user's credentials are seen by the server in the clear (and there's not really anything you can do about that, it's the nature of that auth method) and therefore if the DB server is compromised then everyone's credentials who logs into the DB server will also be compromised (TLS/SSL doesn't help because that only protects traffic across the network). Thanks, Stephen
Attachment:
signature.asc
Description: PGP signature
