Il giorno mar 3 dic 2019 alle ore 21:35 Stephen Frost <sfrost@snowman.net> ha scritto:
Greetings,
* Marco Cuccato (mcuccato.vts@gmail.com) wrote: > unfortunately I cannot modify the company's LDAP server configuration.
Note that if you're working in an Active Directory environment, you should really be considering Kerberos/GSSAPI instead of LDAP for your authentication. Using PostgreSQL's "ldap" auth method means that the user's password is sent to, and read by, the PostgreSQL server, which isn't really very secure.
You'll definitely also want to be using SSL/TLS between the PostgreSQL client system and the PostgreSQL server, but that doesn't help you if the PostgreSQL server itself is compromised.
