Greetings,
* Lentes, Bernd (bernd.lentes@helmholtz-muenchen.de) wrote:
> i created a Postgres Server 9.6 on a SLES 12 SP3 box. In our institution we have a Windows ADS which i like to use to
authenticateusers via LDAP.
For running PostgreSQL in a Windows ADS environment, you should really
be using GSSAPI / Kerberos and *not* using LDAP authentication.
GSSAPI / Kerberos is what Windows uses to authenticate users and
services and it's much more secure than using LDAP.
> Is it possible to use both concurrently ? Some users autheticate via LDAP, others local.
As Tom mentioned, you can have two pg_hba.conf entries. For what you're
doing, it seems like maybe you would have a 'local user' group which
comes first in pg_hba.conf and is a role that all local users are a
member of, and then you could have a second entry that is 'all' users,
so you don't have to have every user in the active directory environment
in a group in the database.
Thanks!
Stephen