Don,
* Don Seiler (don@seiler.us) wrote:
> Long-term I'm hoping to get our PG databases talking to our LDAP, there's a
> few internal issues and priorities that have that on the back burner for
> now.
As I understand it, you're in an Active Directory environment, where
what you really want to be using for authentication is Kerberos / GSSAPI,
not LDAP. With LDAP, the password is still sent to the PG server in
cleartext during the authentication and that's entirely unnecessary in
an Active Directory environment where you have a Kerberos realm already
in place.
Thanks!
Stephen