Greetings,
* Sylvain Deveaux (Sylvain.Deveaux@niwa.co.nz) wrote:
> We have to use LDAP in our AD environment, Users could use Kerberos but service accounts used by Apps can't.
Why do you say that you can't use kerberos w/ apps?
> host all +ldap_roles 192.168.0.0/16 ldap
ldapurl="ldap://ldap.service:636/ou=AdminOU,dc=domain,dc=org?sAMAccountName?sub"
ldapbinddn="cn=postgres_bind,ou=level1,ou=level2,dc=domain,dc=org"ldapbindpasswd="password"
Note that using ldap auth means sending the user's password to the PG
server in cleartext, which is extremely insecure and means that a
compromised PG server could be used to steal the credentials of any user
logging in using this method.
Thanks,
Stephen