Home > mailing lists

Re: LDAP Authentication - Mailing list pgsql-general

From	Stephen Frost
Subject	Re: LDAP Authentication
Date	August 24, 2023 22:06:58
Msg-id	ZOeqUuGbYOyA7KCy@tamriel.snowman.net Whole thread Raw
In response to	Re: LDAP Authentication (Emile Amewoto <emileam@yahoo.com>)
Responses	Re: LDAP Authentication (Dominique Devienne <ddevienne@gmail.com>)
List	pgsql-general

Tree view

Greetings,

* Emile Amewoto (emileam@yahoo.com) wrote:
> Here is the high level  process:
> 1- Create the user x without password in Postgres.
> 2- Assign  role or roles to the user x
> 3- Update pg_hba.conf with the ldap connection link.
>
> You might need cert for the ldap to connect to AD, assuming you are using AD.

If you're using AD, you should *really* be using Kerberos/gssapi for
your authentication and *not* LDAP.  LDAP is insecure as it involves
passing around the user's credentials which is extremely bad practice
and is strongly discouraged.  LDAP auth also involves in-line round
trips to the LDAP server which can delay or even fail database
connections in the event that the LDAP server is even temporarily
unavailable.

Thanks,

Stephen

Attachment

signature.asc

pgsql-general by date:

From: Tom Lane
Date: 24 August 2023, 22:02:29
Subject: Re: Materialized view refreshing problem

From: Stephen Frost
Date: 24 August 2023, 22:08:44
Subject: Re: Will PostgreSQL 16 supports native transparent data encryption ?

Re: LDAP Authentication - Mailing list pgsql-general

Attachment

Previous

Next