- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Active Directory authentication to a Postgres data...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-16-2011 11:03 AM
тАО12-16-2011 11:03 AM
Active Directory authentication to a Postgres database
Hi there --
I am going through the motions of setting up Active Directory authentication to a Postgres, 8.1.3, database. The database is a package that was installed onto an HP-UX 11.11 server. The server itself is an NIS master server while the Active Directory environment is running in Windows 2008 mode.
I have downloaded documentation that contains the steps that are involved with this procedure. The URL that contains this information is the following:
http://wiki.postgresql.org/wiki/LDAP_Authentication_against_AD
1. Is it a prerequisite to have openldap installed on the server in order for AD authentication to the database to be possible?
2. Can the server in question be a Master NIS as well as LDAP server simultaneously?
Thanks.
- Tags:
- LDAP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-18-2011 01:39 PM
тАО12-18-2011 01:39 PM
Re: Active Directory authentication to a Postgres database
1.) If Postgres needs a compile-time option to use LDAP, that suggests it's using OpenLDAP libraries for its LDAP client functions. Therefore, you would need to have at least the library/client parts of OpenLDAP installed. Even if OpenLDAP has been packaged in such a fashion that it would be impossible or inconvenient to separate the LDAP client and server functionalities, I don't see why you should actually run the LDAP server daemon to have Postgres act as a client for a remote LDAP/AD server.
2.) There is no technical reason why not.
Remember, even though LDAP is often used for authentication, it is by no means the only possible use for a LDAP server. Like Postgres is a general-purpose database, OpenLDAP server is a general-purpose directory server. It becomes an authentication server only when you set up a suitable directory schema, populate it with authentication information and then tell other systems to use that particular LDAP server for authentication... and none of these things are required steps when installing OpenLDAP.
If you choose to use the LDAP server to provide the same sort of information NIS does (perhaps because you want a multi-protocol authentication server), the question you should be asking is "How do I make sure the NIS and LDAP stay in sync?" - for it definitely won't happen automatically.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-19-2011 10:25 AM
тАО12-19-2011 10:25 AM
Re: Active Directory authentication to a Postgres database
Hi there --
Thanks for your reply. I will see if the library/client parts of OpenLDAP are installed on the server. If they are not, I will go over what is involved with installing them, and verify that doing so will not prove to be problematic to the server or general operations.
I did some further investigating, and according to an article that I read, there are three methods available for the authentication: Kerberos, native LDAP, and pam_ldap. According to the article the preferred authentication method is native LDAP because of its proven track-record. The Kerberos approach has the advantage of having an already domain user being able to access the database without having to re-enter his/her password. The problem here is it is not supported by JBDE or .NET architectures. The pam_ldap approach did not get much in positive feedback.
Admittedly this article was written in 2006, so the problem with Kerberos may have been resolved since that time. Do you have any opinion as to which of the three approaches might be best here?
Thanks.