Re: Ldap config for Active Directory

Why do you say that you can't use kerberos w/ apps?

Note that using ldap auth means sending the user's password to the PG

server in cleartext, which is extremely insecure and means that a

compromised PG server could be used to steal the credentials of any user

logging in using this method.

Greetings,

* Sylvain Deveaux (Sylvain.Deveaux@niwa.co.nz) wrote:

We have to use LDAP in our AD environment, Users could use Kerberos but service accounts used by Apps can't.

Why do you say that you can't use kerberos w/ apps?

host all +ldap_roles 192.168.0.0/16 ldap ldapurl="ldap://ldap.service:636/ou=AdminOU,dc=domain,dc=org?sAMAccountName?sub" ldapbinddn="cn=postgres_bind,ou=level1,ou=level2,dc=domain,dc=org" ldapbindpasswd="password"

Note that using ldap auth means sending the user's password to the PG

server in cleartext, which is extremely insecure and means that a

compromised PG server could be used to steal the credentials of any user

logging in using this method.

Thanks,

Stephen

Sylvain Deveaux Senior Systems Engineer +64-4-386-0861 +64-21-123-7933 National Institute of Water & Atmospheric Research Ltd (NIWA) 301 Evans Bay Parade, Greta Point Wellington New Zealand Connect with NIWA: niwa.co.nz Facebook LinkedIn Twitter Instagram