Commit 0444954

Update LDAP topic 16 (#862)
backpatching from #861
1 parent 7cf900b commit 0444954

1 file changed

+26
-4
lines changed

docs/ldap.md

Lines changed: 26 additions & 4 deletions
@@ -1,7 +1,29 @@
1-
# LDAP Authentication
1+
# LDAP authentication
22

3-
When a client application or a user that runs the client application connects to the database, it must identify themselves. The process of validating the client's identity and determining whether this client is permitted to access the database it has requested is called **authentication**.
3+
Percona's PostgreSQL allows you to use LDAP, which uses a central authentication server for storing usernames, passwords and their resource permissions.
44

5-
Percona Distribution for PortgreSQL supports several [authentication methods :octicons-link-external-16:](https://www.postgresql.org/docs/{{pgversion}}/auth-methods.html), including the [LDAP authentication :octicons-link-external-16:](https://www.postgresql.org/docs/{{pgversion}}/auth-ldap.html). The use of LDAP is to provide a central place for authentication - meaning the LDAP server stores usernames and passwords and their resource permissions.
5+
The LDAP authentication method in Percona Distribution for PortgreSQL is functionally the same as upstream PostgreSQL, check the documentation [here :octicons-link-external-16:](https://www.postgresql.org/docs/{{pgversion}}/auth-ldap.html) for more information.
66

7-
The LDAP authentication in Percona Distribution for PortgreSQL is implemented the same way as in upstream PostgreSQL.
7+
## Set up LDAP authentication
8+
9+
Follow these steps to set up LDAP authentication for your PostgreSQL database.
10+
{.power-number}
11+
12+
1. Add in the `pg_hba.conf` file (usually located in `/data/db/...`) the `ldap` authentication method. For example:
13+
14+
```ini
15+
host all all 192.168.1.0/24 ldap ldapserver=ldap.example.com ldapport=389 ldapbinddn="cn=admin,dc=example,dc=com" ldapbindpasswd="password"
16+
```
17+
18+
2. Add or modify the LDAP configuration parameters (`ldapbindpasswd`, `ldapbinddn`, and so on) in your `postgresql.conf` file.
19+
20+
!!! tip
21+
You can directly add the parameters using the `ALTER SYSTEM` command in the psql command line. See a more in-depth list of LDAP configuration parameters [here :octicons-link-external-16:](https://www.postgresql.org/docs/{{pgversion}}/auth-ldap.html).
22+
23+
3. Restart your PostgreSQL service to apply the changes.
24+
25+
4. Connect to your database as a superuser and create the roles that correspond to groups or users in your LDAP directory.
26+
27+
5. Grant appropriate permissions to these roles using [standard SQL GRANT statements :octicons-link-external-16:](https://www.postgresql.org/docs/{{pgversion}}/sql-grant.html).
28+
29+
By following these steps, you have successfully integrated LDAP authentication into your environment.
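
Review bot: Step 2 of the added list tells readers to set `ldapbindpasswd`, `ldapbinddn` and so on in `postgresql.conf` or through `ALTER SYSTEM`, but these are options on the `pg_hba.conf` record (as the step 1 example itself shows), not server configuration parameters, so the step and its tip should be removed or reworded to point back at `pg_hba.conf`. In the step 1 example, the record sets `ldapbinddn` and `ldapbindpasswd` without `ldapbasedn`, which search+bind mode requires, and it uses `ldapport=389` with no `ldaptls=1`, so the bind password and the users' passwords would travel to the LDAP server unencrypted; suggest adding `ldapbasedn` and `ldaptls=1` (or `ldapscheme=ldaps`) and noting that a `pg_hba.conf` carrying `ldapbindpasswd` must be readable only by the server's OS user. Step 3 can say reload instead of restart, since `pg_hba.conf` changes are picked up on reload. The new line 5 also keeps the "PortgreSQL" typo from the removed text, and "usually located in `/data/db/...`" would be more reliable as a pointer to `SHOW hba_file;`.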
