Thread: postgres and ldap

Hi

I have started to use ldap for user authentication on my systems.

1 is it possible to get postgres to authenticate against ldap
2 is it advisable to do this ?



Alex

> Hi
>
> I have started to use ldap for user authentication on my systems.
>
> 1 is it possible to get postgres to authenticate against ldap

Yes. With current releases you can do this with PAM, assuming you're on
a platform that can do PAM. If your platform can't do PAM (for example,
Windows), you can't do LDAP auth.

8.2 will have direct LDAP authentication without PAM.


> 2 is it advisable to do this ?

Sure, I see no reason why not. Beware of insecure password transports
though - you'll need to use SSL/TLS or similar to secure the connection
if you're going across insecure networks.

//Magnus

"Magnus Hagander" <mha@sollentuna.net> writes:
> 8.2 will have direct LDAP authentication without PAM.

That code's going to go away real soon if some documentation doesn't
show up.  I can't believe Bruce was sloppy enough to accept a feature
patch with zero documentation.

            regards, tom lane

> > 8.2 will have direct LDAP authentication without PAM.
>
> That code's going to go away real soon if some documentation
> doesn't show up.  I can't believe Bruce was sloppy enough to
> accept a feature patch with zero documentation.

?? I thought I had sent in the docs for that. Will dig through my notes
when I get home to resubmit. (I have certainly written it, because my
local docs copy has it!)

//Magnus

> > > 8.2 will have direct LDAP authentication without PAM.
> >
> > That code's going to go away real soon if some
> documentation doesn't
> > show up.  I can't believe Bruce was sloppy enough to accept
> a feature
> > patch with zero documentation.
>
> ?? I thought I had sent in the docs for that. Will dig
> through my notes when I get home to resubmit. (I have
> certainly written it, because my local docs copy has it!)

Actually, the docs *were* submitted. See
http://archives.postgresql.org/pgsql-patches/2005-12/msg00375.php.
Applied per
http://archives.postgresql.org/pgsql-patches/2006-03/msg00080.php, I
think it's just the docs that were missed.

I don't recall any feedback about updating them, so I think that patch
still stands.

//Magnus

"Magnus Hagander" <mha@sollentuna.net> writes:
> Actually, the docs *were* submitted. See
> http://archives.postgresql.org/pgsql-patches/2005-12/msg00375.php.
> Applied per
> http://archives.postgresql.org/pgsql-patches/2006-03/msg00080.php, I
> think it's just the docs that were missed.

Ah.  I had found the docs-less commit but didn't go looking through patches.
Will gather up the docs and apply unless Bruce beats me to it.  Thanks.

            regards, tom lane

Doc patch applied. I must have missed the second attachment.

---------------------------------------------------------------------------

Tom Lane wrote:
> "Magnus Hagander" <mha@sollentuna.net> writes:
> > Actually, the docs *were* submitted. See
> > http://archives.postgresql.org/pgsql-patches/2005-12/msg00375.php.
> > Applied per
> > http://archives.postgresql.org/pgsql-patches/2006-03/msg00080.php, I
> > think it's just the docs that were missed.
>
> Ah.  I had found the docs-less commit but didn't go looking through patches.
> Will gather up the docs and apply unless Bruce beats me to it.  Thanks.
>
>             regards, tom lane
>
> ---------------------------(end of broadcast)---------------------------
> TIP 6: explain analyze is your friend
>

--
  Bruce Momjian   http://candle.pha.pa.us
  EnterpriseDB    http://www.enterprisedb.com

  + If your life is a hard drive, Christ can be your backup. +