Quick Links

Re: integrate Postgres Users Authentication with our own LDAP Server

From:	Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>
To:	M Tarkeshwar Rao <m(dot)tarkeshwar(dot)rao(at)ericsson(dot)com>, pgsql-general <pgsql-general(at)lists(dot)postgresql(dot)org>, "'postgres-discuss(at)mailman(dot)lmera(dot)ericsson(dot)se'" <postgres-discuss(at)mailman(dot)lmera(dot)ericsson(dot)se>, "'pgsql-general(at)postgresql(dot)org'" <pgsql-general(at)postgresql(dot)org>, "pgsql-performance(at)postgresql(dot)org" <pgsql-performance(at)postgresql(dot)org>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, "'pgsql-hackers-owner(at)postgresql(dot)org'" <pgsql-hackers-owner(at)postgresql(dot)org>, Aashish Nagpaul <aashish(dot)nagpaul(at)ericsson(dot)com>
Subject:	Re: integrate Postgres Users Authentication with our own LDAP Server
Date:	2019-05-09 06:42:28
Message-ID:	b2bc4cf1c1854c51736b448c3ad882725503e21b.camel@cybertec.at
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-general pgsql-hackers pgsql-performance

On Thu, 2019-05-09 at 04:51 +0000, M Tarkeshwar Rao wrote:
> We would need to integrate Postgres Users Authentication with our own LDAP Server.
>
> Basically as of now we are able to login to Postgress DB with a user/password credential.
>
> [roles "pg_signal_backend" and "postgres"]
>
> These user objects are the part of Postgres DB server. Now we want that these users should be authenticated by LDAP server.
> We would want the authentication to be done with LDAP, so basically the user credentials should be store in LDAP server
>
> Can you mention the prescribed steps in Postgres needed for this integration with LDAP Server?

LDAP authentication is well documented:
https://www.postgresql.org/docs/current/auth-ldap.html

But I don't think you are on the right track.

"pg_signal_backend" cannot login, it is a role to which you add a login user
to give it certain privileges. So you don't need to authenticate the role.

"postgres" is the installation superuser. If security is important for you,
you won't set a password for that user and you won't allow remote logins
with that user.

But for your application users LDAP authentication is a fine thing, and not
hard to set up if you know a little bit about LDAP.

Yours,
Laurenz Albe
--
Cybertec | https://www.cybertec-postgresql.com

In response to

integrate Postgres Users Authentication with our own LDAP Server at 2019-05-09 04:51:02 from M Tarkeshwar Rao

Responses

RE: integrate Postgres Users Authentication with our own LDAP Server at 2019-05-09 07:11:24 from M Tarkeshwar Rao

Browse pgsql-general by date

	From	Date	Subject
Next Message	Laurenz Albe	2019-05-09 06:48:35	Re: Postgres Database Hacked
Previous Message	Achilleas Mantzios	2019-05-09 06:17:37	Re: integrate Postgres Users Authentication with our own LDAP Server

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Peter Eisentraut	2019-05-09 06:52:32	Re: pgsql: Add strict_multi_assignment and too_many_rows plpgsql checks
Previous Message	Dilip Kumar	2019-05-09 06:34:16	Re: POC: Cleaning up orphaned files using undo logs

Browse pgsql-performance by date

	From	Date	Subject
Next Message	M Tarkeshwar Rao	2019-05-09 07:11:24	RE: integrate Postgres Users Authentication with our own LDAP Server
Previous Message	Achilleas Mantzios	2019-05-09 06:17:37	Re: integrate Postgres Users Authentication with our own LDAP Server