On Mon, Dec 18, 2006 at 08:23:08PM -0600, Derrick wrote:
> I've been struggling with pam_ldap and a windows 2003 active directory
> server, trying to get postgres to authenticate against it. I'm
> wondering what the best way to get postgres to authenticate against
> windows active directory would be? I've posted the problem on the
> general mail list that I was having with pam_ldap but no response. Any
> ideas, how to's, or good links would be much appreciated, and I'm under
> a time constraint. Thanks a million in advance.
You can do this three different ways:
1) You can do it with Kerberos. This is a bit tricky to get working, but
it can be done. This will give you single-sign-on, and not just the same
password. A large downside is that this is not supported by all
interfaces, for examlpe it's not supported with JDBC or .NET.
2) You can use the native LDAP authentication that's available in 8.2. I
specifically created it to be used in one of my own Active Directory
installations, so I know it works there (thuogh it of course works with
other LDAP installs as well).
3) You can use pam_ldap. Never done that myself, but I've heard of
others having some problems with it before, so I would definitly advise
you to use option 2 for simple LDAP auth.
//Magnus