LDAP Authentication v1

Suggest edits

EDB Postgres Distributed for Kubernetes supports LDAP authentication, LDAP configuration on EDB Postgres Distributed for Kubernetes relies on the implementation from EDB Postgres for Kubernetes (PG4K). Please refer to the PG4K documentation for the full context.

Important

Before you proceed, please take some time to familiarize with the LDAP authentication feature in the postgres documentation.

With LDAP support, only the user authentication is sent to LDAP, so the user must already exist in the postgres database.

Here is an example of LDAP configuration using simple bind mode in PGDGroup, postgres simply use prefix + username + suffix and password to bind the LDAP server to achieve the authentication.

spec:
  [...]
  cnp:
    postgresql:
      ldap: 
        server: 'ldap-service.ldap.svc.cluster.local'
        bindAsAuth:
          prefix: "uid="
          suffix: ",dc=example,dc=org"

Here is a example of LDAP configuration using search+bind mode in PGDGroup. In this mode, the postgres is first bound to the LDAP using bindDN with its password stored in the secret bindPassword, then postgres tries to perform a search under baseDN to find a username that matches the item specified by searchAttribute, if a match is found, postgres finally verifies the entry and the password against the LDAP server.

spec:
  [...]
  cnp:
    postgresql:
    ldap: 
        server: 'ldap-service.ldap.svc.cluster.local'
        bindSearchAuth: 
        baseDN: "dc=example,dc=org"
        bindDN: "cn=admin,dc=example,dc=org"
        searchAttribute: "uid"
        bindPassword:
            name: ldap-bind-password
            key: password

← Prev

Transparent Data Encryption (TDE)

↑ Up

EDB Postgres Distributed for Kubernetes

Examples of configuration

LDAP Authentication v1

Important

← Prev

↑ Up

Next →