Greetings,
* Paul Förster (paul.foerster@gmail.com) wrote:
> I found this because I'm in the process of making our Linux LDAP servers obsolete by reconfiguring PostgreSQL to use
ourcompany Windows Active Directory LDAPS service.
When in an Active Directory environment, it's far more secure to use
Kerberos/GSSAPI and not LDAP (or LDAPS). Using the ldap authentication
method with PostgreSQL will result in the credentials of users being
sent to the database server, such that if the database server is
compromised so will all of those user accounts.
Thanks,
Stephen