Re: How to setup Active Directory users in Postgres 9.3.11 - Mailing list pgsql-general

From Wyatt Sanford
Subject Re: How to setup Active Directory users in Postgres 9.3.11
Date
Msg-id BY2PR09MB099854FF34B593DD4DAF2654C1B50@BY2PR09MB0998.namprd09.prod.outlook.com
In response to Re: How to setup Active Directory users in Postgres 9.3.11  (Giuseppe Sacco <giuseppe@eppesuigoccas.homedns.org>)
List pgsql-general
Hello Giuseppe,

Thank you for your reply.  After obtaining more information from our network personnel and a little trial and error, I
was able to get the pg_hba.conf file edited correctly specifying ldap authentication against our Active Directory domain
and users can now connect.  Your second example was very close to what I needed.
 

Thank you,

Wyatt Sanford
Database Administrator
Mississippi Department of Revenue

-----Original Message-----
From: pgsql-general-owner@postgresql.org [mailto:pgsql-general-owner@postgresql.org] On Behalf Of Giuseppe Sacco
Sent: Thursday, March 10, 2016 5:20 AM
To: pgsql-general@postgresql.org
Subject: Re: [GENERAL] How to setup Active Directory users in Postgres 9.3.11

Hello Wyatt,

On Wed, 09/03/2016 at 14.35 +0000, Wyatt Sanford wrote:
> I have recently been tasked with installing Postgres 9.3.11 on a
> Windows 2012 R2 server on Active Directory and restoring backups from
> a Linux server running Postgres 9.3.11.  I have all of the databases
> restored to the windows server and now I need to set up access for
> users on Active Directory.  I’ve read a few things online, but did not
> find any good examples.  I know that you have to add login roles
[...]
> ports.  Can anyone give me some examples of the entries I need to add
> to the pg_hba.conf file or point me to some examples on the web.

I found the documentation on the web site quite good. These are two examples I use every day for authenticating
postgres users to a remote AD:

host neos all 127.0.0.1/32  ldap ldapserver=ipaddress ldapbasedn="OU=xxx,DC=yyy,DC=local" ldapbinddn="CN=uuu,OU=xxx,DC=yyy,DC=local" ldapbindpasswd=password ldapsearchattribute=sAMAccountName

host neos all 10.42.112.0/24 ldap ldapserver=ipaddress ldapprefix="cn=" ldapsuffix=", ou=Users, ou=xxxx, dc=yyy, dc=local"

The first uses a special account for connecting and looking for sAMAccountName before checking credentials, the second
one connects directly with specified credentials.
 

Please note, that beside importing all databases, you should also import "globals" that contains all role definitions.

More info, for postgres 9.3, on the web site
http://www.postgresql.org/docs/9.3/interactive/auth-methods.html#AUTH-LDAP

More info about moving globals
http://www.postgresql.org/docs/9.3/static/app-pg-dumpall.html

Please note that postgresql connects to AD, it is not the other way around.

Bye,
Giuseppe
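
The two records quoted above, run through a small checker, as an added example that is not part of the original messages: it classifies each ldap record as simple bind or search+bind and flags settings worth reviewing. It assumes single-line records with the PostgreSQL 9.3 option set; ldaptls and ldapurl are taken from the LDAP documentation linked in the message, and audit_ldap_line and SAMPLE_RECORDS are hypothetical names.

```python
import shlex

# Option names as documented for PostgreSQL's ldap authentication method.
SIMPLE_BIND = {"ldapprefix", "ldapsuffix"}
SEARCH_BIND = {"ldapbasedn", "ldapbinddn", "ldapbindpasswd",
               "ldapsearchattribute", "ldapurl"}

# Constructed sample: the two records from the message (placeholders kept),
# each on one line, plus a non-ldap record for contrast.
SAMPLE_RECORDS = [
    'host all all 192.0.2.0/24 md5',
    'host neos all 127.0.0.1/32 ldap ldapserver=ipaddress '
    'ldapbasedn="OU=xxx,DC=yyy,DC=local" ldapbinddn="CN=uuu,OU=xxx,DC=yyy,DC=local" '
    'ldapbindpasswd=password ldapsearchattribute=sAMAccountName',
    'host neos all 10.42.112.0/24 ldap ldapserver=ipaddress ldapprefix="cn=" '
    'ldapsuffix=", ou=Users, ou=xxxx, dc=yyy, dc=local"',
]

def audit_ldap_line(line):
    """Return (mode, findings) for an ldap record, or None for anything else."""
    tokens = shlex.split(line, comments=True)  # honours "quoted values" and '#'
    if "ldap" not in tokens[3:]:               # method follows type, db, user
        return None
    opts = dict(t.split("=", 1) for t in tokens[tokens.index("ldap", 3) + 1:]
                if "=" in t)
    simple, search = opts.keys() & SIMPLE_BIND, opts.keys() & SEARCH_BIND
    findings = []
    if simple and search:
        mode = "mixed"
        findings.append("mixed: simple-bind and search+bind options in one record")
    elif search:
        mode = "search+bind"
    elif simple:
        mode = "simple-bind"
    else:
        mode = "incomplete"
        findings.append("incomplete: no ldapprefix, ldapsuffix or ldapbasedn")
    if opts.get("ldaptls") != "1":
        findings.append("ldaptls: not set to 1, bind passwords reach the directory in clear text")
    if "ldapbindpasswd" in opts:
        findings.append("ldapbindpasswd: service password stored in pg_hba.conf, "
                        "restrict file access and use a low-privilege bind account")
    return mode, findings

if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        print(audit_ldap_line(rec))
```

Both records from the message are flagged for the missing ldaptls=1; only the search+bind record is flagged for the stored bind password.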

