Greetings, * Emile Amewoto (emileam@xxxxxxxxx) wrote: > Here is the high level process: > 1- Create the user x without password in Postgres. > 2- Assign role or roles to the user x > 3- Update pg_hba.conf with the ldap connection link. > > You might need cert for the ldap to connect to AD, assuming you are using AD. If you're using AD, you should *really* be using Kerberos/gssapi for your authentication and *not* LDAP. LDAP is insecure as it involves passing around the user's credentials which is extremely bad practice and is strongly discouraged. LDAP auth also involves in-line round trips to the LDAP server which can delay or even fail database connections in the event that the LDAP server is even temporarily unavailable. Thanks, Stephen
Attachment:
signature.asc
Description: PGP signature
