Greetings,

* Emile Amewoto (emileam@yahoo.com) wrote:
> Here is the high level process:
> 1- Create the user x without password in Postgres.
> 2- Assign role or roles to the user x
> 3- Update pg_hba.conf with the ldap connection link.
>
> You might need a cert for the LDAP to connect to AD, assuming you are using AD.

If you're using AD, you should *really* be using Kerberos/GSSAPI for
your authentication and *not* LDAP. LDAP is insecure as it involves
passing around the user's credentials which is extremely bad practice
and is strongly discouraged. LDAP auth also involves in-line round
trips to the LDAP server which can delay or even fail database
connections in the event that the LDAP server is even temporarily
unavailable.

Thanks,
Stephen
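
A way to check an existing pg_hba.conf for the rules discussed in this thread, as an added example that is not part of the original messages: it lists every `ldap` rule and notes where the password is handled, alongside a `gss` rule that raises nothing. The host name, base DN, realm and the issue codes are constructed placeholders.

```python
import shlex

HBA_TYPES = {"local", "host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}
ENCRYPTED_TYPES = {"local", "hostssl", "hostgssenc"}  # local is a Unix socket

ISSUES = {  # hypothetical issue codes used only by this example
    "password-handled": "server receives the user's password and replays it to the directory",
    "client-link": "rule does not require TLS, so the password can cross the network in clear",
    "ldap-link": "no ldaptls=1 or ldaps, so the bind to the LDAP server is unencrypted",
}

# Constructed sample pg_hba.conf; names and addresses are placeholders.
SAMPLE_HBA = """\
# TYPE   DATABASE USER ADDRESS      METHOD
local    all      postgres          peer
host     all      all  10.0.0.0/8   ldap ldapserver=ad.example.com ldapbasedn="dc=example, dc=com"
hostssl  all      all  10.0.0.0/8   ldap ldapserver=ad.example.com ldaptls=1 ldapbasedn="dc=example, dc=com"
hostssl  all      all  10.0.0.0/8   gss include_realm=0 krb_realm=EXAMPLE.COM
"""

def audit_hba(text):
    """Return [(line_no, [issue_code, ...])] for each ldap rule in pg_hba.conf text."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        tok = shlex.split(line, comments=True)   # drops "# ..." and unquotes values
        if not tok or tok[0] not in HBA_TYPES:
            continue
        i = 3 if tok[0] == "local" else 4        # index of the auth method
        if i < len(tok) and ("." in tok[i] or ":" in tok[i]):
            i += 1                               # address given with a separate netmask
        if i >= len(tok) or tok[i] != "ldap":
            continue
        opts = dict(t.split("=", 1) for t in tok[i + 1:] if "=" in t)
        issues = ["password-handled"]            # true of every ldap rule
        if tok[0] not in ENCRYPTED_TYPES:
            issues.append("client-link")
        tls = (opts.get("ldaptls") == "1" or opts.get("ldapscheme") == "ldaps"
               or opts.get("ldapurl", "").startswith("ldaps://"))
        if not tls:
            issues.append("ldap-link")
        findings.append((no, issues))
    return findings

if __name__ == "__main__":
    for no, issues in audit_hba(SAMPLE_HBA):
        for code in issues:
            print(f"pg_hba.conf:{no}: {code}: {ISSUES[code]}")
```

Even the `hostssl` rule with `ldaptls=1` still reports `password-handled`, which is the concern raised above; the `gss` rule produces no finding because the password never reaches the database server.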