v10.17 (build: May 28 2024)

LDAP for PostgreSQL

To allow logins to the PostgreSQL database with AD accounts (via LDAP), a number of settings are required.

On the LDAP server (usually a domain controller):

For an unsecured connection, it is enough to open TCP port 389; for a secure connection (LDAPS), open TCP port 636 and install an SSL certificate (not covered here).

In the "pg_hba.conf" file of the SQL server:

First, allow non-domain users to log in with a SQL password (for compatibility). It is critically important to do this for stkhintuser, the internal server user of the complex. You can also keep the postgres login and others. For all other users, LDAP integration must be enabled. Accordingly, the order of the lines matters! Below is an example:

    # TYPE  DATABASE  USER         ADDRESS    METHOD

    # postgres login:
    host    all       postgres     0.0.0.0/0  scram-sha-256
    host    all       postgres     ::/0       scram-sha-256

    # internal user login:
    host    stkh      stkhintuser  0.0.0.0/0  scram-sha-256
    host    stkh      stkhintuser  ::/0       scram-sha-256

    # Choose ONE of the LDAP variants below (the first matching line wins).

    # for LDAP (non-secure):
    host    all       all          0.0.0.0/0  ldap ldapserver="dc1.mydomain.company.org" ldapprefix=""
    host    all       all          ::/0       ldap ldapserver="dc1.mydomain.company.org" ldapprefix=""

    # for LDAPS (SSL-secured), option 1:
    host    all       all          0.0.0.0/0  ldap ldapserver="dc1.mydomain.company.org" ldapprefix="" ldaptls=1
    host    all       all          ::/0       ldap ldapserver="dc1.mydomain.company.org" ldapprefix="" ldaptls=1

    # for LDAPS (SSL-secured), or alternate option 2:
    host    all       all          0.0.0.0/0  ldap ldapserver="dc1.mydomain.company.org" ldapprefix="" ldapscheme=ldaps
    host    all       all          ::/0       ldap ldapserver="dc1.mydomain.company.org" ldapprefix="" ldapscheme=ldaps

After changing the settings, you need to restart the SQL server service!

To log in, use the username in the format NETBIOS_DOMAIN\username (for example, MYDOMAIN\john.smith for the domain mydomain.company.org).
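
An added example (not part of the original page or the product's own code): a small Python check of the line-ordering rule described above, which also lists LDAP lines that have no transport encryption. It assumes "host" records with CIDR addresses and a constructed client address 10.0.0.5, and it treats ldaptls=1 (StartTLS) and ldapscheme=ldaps as the encrypted variants; the function names are hypothetical.

```python
import ipaddress
import shlex

# Constructed sample: the page's rules with the non-secure LDAP variant.
PG_HBA = '''
# TYPE DATABASE USER ADDRESS METHOD
host all  postgres    0.0.0.0/0 scram-sha-256
host stkh stkhintuser 0.0.0.0/0 scram-sha-256
host all  all         0.0.0.0/0 ldap ldapserver="dc1.mydomain.company.org" ldapprefix=""
'''

def parse(text):
    """Return 'host' records in file order (CIDR addresses only)."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) >= 5 and tok[0] == "host":
            rules.append({"db": tok[1].split(","), "user": tok[2].split(","),
                          "net": ipaddress.ip_network(tok[3]), "method": tok[4],
                          "opts": dict(o.split("=", 1) for o in tok[5:])})
    return rules

def first_match(rules, db, user, addr):
    """Return the first record matching the connection; later records are ignored."""
    ip = ipaddress.ip_address(addr)
    for r in rules:
        if (("all" in r["db"] or db in r["db"])
                and ("all" in r["user"] or user in r["user"])
                and ip.version == r["net"].version and ip in r["net"]):
            return r
    return None

def cleartext_ldap(rules):
    """LDAP records with neither ldaptls=1 nor ldapscheme=ldaps (unencrypted bind)."""
    return [r for r in rules if r["method"] == "ldap"
            and r["opts"].get("ldaptls") != "1"
            and r["opts"].get("ldapscheme") != "ldaps"]

if __name__ == "__main__":
    rules = parse(PG_HBA)
    for user in ("stkhintuser", r"MYDOMAIN\john.smith"):
        print(user, "->", first_match(rules, "stkh", user, "10.0.0.5")["method"])
    # Catch-all LDAP line placed first: the internal user no longer gets scram-sha-256.
    print("reordered:", first_match(rules[::-1], "stkh", "stkhintuser", "10.0.0.5")["method"])
    print("LDAP lines without TLS:", len(cleartext_ldap(rules)))
```

The ldaptls and ldapscheme options only protect the hop between PostgreSQL and the LDAP server; with the ldap method the client still sends its password to PostgreSQL unencrypted unless that connection itself uses SSL.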

© Scopd