PostgreSQL Reference Manual - Volume 3 - Server Administration Guide by The PostgreSQL Global Development Group Paperback (6"x9"), 204 pages ISBN 0954612043 RRP £13.95 ($24.95) Sales of this book support the PostgreSQL project! Get a printed copy>>>

PostgreSQL Reference Manual Volume 3 Buy the book here! >>> learn more

7.2.5 LDAP authentication

This authentication method operates similarly to password except that it uses LDAP as the authentication method. LDAP is used only to validate the user name/password pairs. Therefore the user must already exist in the database before LDAP can be used for authentication. The server and parameters used are specified after the ldap key word in the file ‘pg_hba.conf’. The format of this parameter is:

ldap[s]://servername[:port]/base dn[;prefix[;suffix]]

for example:

ldap://ldap.example.net/dc=example,dc=net;EXAMPLE\

If ldaps is specified instead of ldap, TLS encryption will be enabled for the connection. Note that this will encrypt only the connection between the PostgreSQL server and the LDAP server. The connection between the client and the PostgreSQL server is not affected by this setting. To make use of TLS encryption, you may need to configure the LDAP library prior to configuring PostgreSQL. Note that encrypted LDAP is available only if the platform's LDAP library supports it.

If no port is specified, the default port as configured in the LDAP library will be used.

The server will bind to the distinguished name specified as base dn using the user name supplied by the client. If prefix and suffix is specified, it will be prepended and appended to the user name before the bind. Typically, the prefix parameter is used to specify cn=, or DOMAIN\ in an Active Directory environment.