Greetings,

* Sylvain Deveaux (Sylvain.Deveaux@xxxxxxxxxx) wrote:
> We have to use LDAP in our AD environment, Users could use Kerberos but service accounts used by Apps can't.

Why do you say that you can't use kerberos w/ apps?

> host all +ldap_roles 192.168.0.0/16 ldap ldapurl="ldap://ldap.service:636/ou=AdminOU,dc=domain,dc=org?sAMAccountName?sub" ldapbinddn="cn=postgres_bind,ou=level1,ou=level2,dc=domain,dc=org" ldapbindpasswd="password"

Note that using ldap auth means sending the user's password to the PG
server in cleartext, which is extremely insecure and means that a
compromised PG server could be used to steal the credentials of any user
logging in using this method.

Thanks,

Stephen
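As an added example (not part of the original message, and not PostgreSQL project code), the following sketch audits `pg_hba.conf` rules that use the `ldap` method and reports where a password is exposed: to the server itself, on the client connection, on the server-to-LDAP connection, and in the file. The function name `audit_hba` and the finding codes are hypothetical; the sample is constructed from the rule quoted above, and addresses are assumed to be in CIDR form.

```python
import shlex
from urllib.parse import urlsplit

# Constructed sample: the rule quoted in the message plus a gss (Kerberos) rule.
SAMPLE_HBA = '''
# TYPE DATABASE USER ADDRESS METHOD OPTIONS
host all +ldap_roles 192.168.0.0/16 ldap ldapurl="ldap://ldap.service:636/ou=AdminOU,dc=domain,dc=org?sAMAccountName?sub" ldapbinddn="cn=postgres_bind,ou=level1,ou=level2,dc=domain,dc=org" ldapbindpasswd="password"
hostssl all all 192.168.0.0/16 gss
'''

def audit_hba(text):
    """Return (line_no, code, detail) findings for every ldap rule.

    Assumption: addresses use CIDR form (one field), as in the sample.
    """
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = shlex.split(line)  # also strips quotes around option values
        conn_type = fields[0]
        method_idx = 3 if conn_type == "local" else 4
        if len(fields) <= method_idx or fields[method_idx] != "ldap":
            continue
        opts = dict(f.partition("=")[::2] for f in fields[method_idx + 1:])
        # Inherent to the method: the client hands its password to the server.
        findings.append((no, "PASSWORD_SEEN_BY_SERVER",
                         "ldap auth gives the PG server the cleartext password"))
        if conn_type in ("host", "hostnossl"):
            findings.append((no, "CLIENT_LEG_MAY_BE_PLAINTEXT",
                             f"'{conn_type}' also matches non-TLS connections"))
        url = urlsplit(opts.get("ldapurl", ""))
        scheme = url.scheme or opts.get("ldapscheme", "ldap")
        if scheme != "ldaps" and opts.get("ldaptls") != "1":
            detail = "ldap:// without ldaptls=1"
            if url.port == 636:
                detail += " (port 636 is the LDAPS port; scheme and port disagree)"
            findings.append((no, "LDAP_LEG_PLAINTEXT", detail))
        if "ldapbindpasswd" in opts:
            findings.append((no, "BIND_PASSWORD_IN_FILE",
                             "bind credential stored in pg_hba.conf"))
    return findings

if __name__ == "__main__":
    for finding in audit_hba(SAMPLE_HBA):
        print(*finding, sep="\t")
```

Switching to `hostssl` and `ldaps://` clears the two transport findings, but `PASSWORD_SEEN_BY_SERVER` remains for any `ldap` rule, which is the concern raised in the message; only a method such as `gss` avoids it.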