Greetings,

* Diego (mrstephenamell@xxxxxxxxx) wrote:
> I have a problem with ldap authentication, I have a ldap string like this:
>
> host all all 0.0.0.0/0 ldap ldapserver="10.20.90.251
> 10.20.90.252 10.10.90.251 10.10.90.252" ldapport=389...
>
> Is it correct? If the first server is down, pg will go to the next one to
> continue authenticating?

Yes, that looks like it should work- is it not?

> It's a pg11 and ldap is an ipa server

Note that with an IPA setup, similar to if you were running Active Directory, you have Kerberos and a KDC available, which is a much better authentication mechanism that removes the need for the database server to reach out to another system to handle the authentication, and avoids having the user's password sent to the database server. You might want to consider using that (which is called 'gssapi' in PostgreSQL, which is basically generalized Kerberos) instead of LDAP.

Thanks,

Stephen
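The pg_hba.conf line discussed in this message, checked by a small script (an added example, not part of the original thread and not PostgreSQL code). It shows that the quoted `ldapserver` value is a single option holding a space-separated server list, and it contrasts the `ldap` line with a `gss` line. Assumptions: the options elided on the page after `ldapport=389` are left out, the realm `EXAMPLE.TEST` and the function names are constructed, and `shlex` only approximates PostgreSQL's own quoting rules.

```python
import shlex

# Authentication method names accepted in pg_hba.conf (PostgreSQL 11).
METHODS = {"trust", "reject", "scram-sha-256", "md5", "password", "gss",
           "sspi", "ident", "peer", "ldap", "radius", "cert", "pam", "bsd"}

# Constructed samples: the first reuses the servers and port from the message,
# the second is a hypothetical Kerberos equivalent with a placeholder realm.
LDAP_LINE = ('host all all 0.0.0.0/0 ldap ldapserver="10.20.90.251 '
             '10.20.90.252 10.10.90.251 10.10.90.252" ldapport=389')
GSS_LINE = "host all all 0.0.0.0/0 gss include_realm=0 krb_realm=EXAMPLE.TEST"


def parse_hba_line(line):
    """Parse one pg_hba.conf record; return None for blank or comment lines."""
    tokens = shlex.split(line, comments=True)  # keeps "a b c" as one value
    if not tokens:
        return None
    # The method is the first known method name after type, database, user.
    idx = next((i for i, t in enumerate(tokens) if i >= 3 and t in METHODS), None)
    if idx is None:
        raise ValueError(f"no auth method found in: {line!r}")
    options = dict(opt.split("=", 1) for opt in tokens[idx + 1:])
    return {"type": tokens[0], "database": tokens[1], "user": tokens[2],
            "address": tokens[3:idx], "method": tokens[idx], "options": options}


def review(line):
    """Summarise what the reply points out about an ldap or gss record."""
    rec = parse_hba_line(line)
    if rec is None:
        return None
    method = rec["method"]
    # ldap: the server receives the password and binds to LDAP with it.
    # gss: the client presents a Kerberos ticket, no password is sent.
    sent = {"ldap": True, "gss": False}.get(method)  # None = not assessed here
    servers = rec["options"].get("ldapserver", "").split() if method == "ldap" else []
    return {"method": method, "password_sent_to_db_server": sent,
            "ldap_servers": servers}


if __name__ == "__main__":
    for sample in (LDAP_LINE, GSS_LINE):
        print(review(sample))
```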