Greetings,
* Marco Cuccato (mcuccato.vts@gmail.com) wrote:
> unfortunately I cannot modify the company's LDAP server configuration.
Note that if you're working in an Active Directory environment, you
should really be considering Kerberos/GSSAPI instead of LDAP for your
authentication. Using PostgreSQL's "ldap" auth method means that the
user's password is sent to, and read by, the PostgreSQL server, which
isn't really very secure.
You'll definitely also want to be using SSL/TLS between the PostgreSQL
client system and the PostgreSQL server, but that doesn't help you if
the PostgreSQL server itself is compromised.
Thanks,
Stephen