Search Postgresql Archives

Re: pg_hba & ldap

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Greetings,

* Diego (mrstephenamell@xxxxxxxxx) wrote:
> I have a problem with ldap authentication, I have a ldap string like this:
> 
> host all             all             0.0.0.0/0 ldap ldapserver="10.20.90.251
> 10.20.90.252 10.10.90.251 10.10.90.252" ldapport=389...
> 
> It is correct? if the firs server is down, pg will go to the next one to
> continue authenticating?

Yes, that looks like it should work- is it not?

> It's a pg11 and ldap is an ipa server

Note that with an IPA setup, similar to if you were running Active
Directory, you have Kerberos and a KDC available, which is a much better
authentication mechanism that removes the need for the database sever to
reach out to another system to handle the authentication, and avoids
having the user's password sent to the database server.  You might want
to consider using that (which is called 'gssapi' in PostgreSQL, which is
basically generalized Kerberos) instead of LDAP.

Thanks,

Stephen

Attachment: signature.asc
Description: PGP signature


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]

  Powered by Linux