Percona's PostgreSQL allows you to use LDAP authentication, which relies on a central authentication server that stores usernames, passwords and their resource permissions.
The LDAP authentication method in Percona Distribution for PostgreSQL is functionally the same as in upstream PostgreSQL. See the upstream documentation for more information.
Follow these steps to set up LDAP authentication for your PostgreSQL database.

- Add the `ldap` authentication method to the `pg_hba.conf` file (usually located in `/data/db/...`). For example:

    ```
    # Search+bind mode: ldapbasedn is required together with ldapbinddn and ldapbindpasswd
    host all all 192.168.1.0/24 ldap ldapserver=ldap.example.com ldapport=389 ldapbasedn="dc=example,dc=com" ldapbinddn="cn=admin,dc=example,dc=com" ldapbindpasswd="password"
    ```

- Add or modify the LDAP configuration parameters (`ldapbindpasswd`, `ldapbinddn`, and so on) in your `postgresql.conf` file.

    !!! tip

        You can directly add the parameters using the `ALTER SYSTEM` command in the psql command line. See the documentation for a more in-depth list of LDAP configuration parameters.

- Restart your PostgreSQL service to apply the changes.

- Connect to your database as a superuser and create the roles that correspond to groups or users in your LDAP directory.

- Grant appropriate permissions to these roles using standard SQL `GRANT` statements.
By following these steps, you have successfully integrated LDAP authentication into your environment.
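
The following Python check is an added example, not part of Percona's documentation or tooling: it lints a `pg_hba.conf` entry that uses the `ldap` method, like the one in the first step, for an incomplete bind mode, unencrypted transport on either hop, and a bind password stored in the file. The function name, finding codes and sample lines are this example's own, and `host` lines are assumed to use CIDR addresses.

```python
import shlex

# Finding codes and messages are this example's own, not PostgreSQL output.
MESSAGES = {
    "no-mode": "needs ldapprefix/ldapsuffix (simple bind) or ldapbasedn (search+bind)",
    "mixed-modes": "simple-bind and search+bind options cannot be combined",
    "ldap-cleartext": "no ldaptls=1 or ldaps: passwords reach the LDAP server unencrypted",
    "client-cleartext": "non-TLS clients allowed; ldap receives the password in clear text",
    "bind-password-in-file": "ldapbindpasswd is stored in pg_hba.conf; restrict read access",
}
SEARCH_OPTS = {"ldapbasedn", "ldapbinddn", "ldapbindpasswd",
               "ldapsearchattribute", "ldapsearchfilter"}

def lint_ldap_hba_line(line):
    """Return finding codes for one pg_hba.conf line that uses the ldap method."""
    tokens = shlex.split(line, comments=True)
    if not tokens:
        return []
    # "local" lines have no address field; host* lines are assumed to use CIDR form.
    method_at = 3 if tokens[0] == "local" else 4
    if len(tokens) <= method_at or tokens[method_at] != "ldap":
        return []
    opts = dict(t.split("=", 1) for t in tokens[method_at + 1:] if "=" in t)
    url = opts.get("ldapurl", "")  # assumed to carry the base DN when present
    findings = []
    simple = "ldapprefix" in opts or "ldapsuffix" in opts
    if simple and SEARCH_OPTS & opts.keys():
        findings.append("mixed-modes")
    elif not simple and "ldapbasedn" not in opts and not url:
        findings.append("no-mode")
    if (opts.get("ldaptls") != "1" and opts.get("ldapscheme") != "ldaps"
            and not url.startswith("ldaps://")):
        findings.append("ldap-cleartext")
    if tokens[0] in ("host", "hostnossl"):
        findings.append("client-cleartext")
    if "ldapbindpasswd" in opts:
        findings.append("bind-password-in-file")
    return findings

# Constructed samples modelled on the first step; WEAK omits ldapbasedn and any TLS option.
WEAK = ('host all all 192.168.1.0/24 ldap ldapserver=ldap.example.com ldapport=389 '
        'ldapbinddn="cn=admin,dc=example,dc=com" ldapbindpasswd="password"')
HARDENED = ('hostssl all all 192.168.1.0/24 ldap ldapserver=ldap.example.com '
            'ldaptls=1 ldapprefix="uid=" ldapsuffix=",ou=people,dc=example,dc=com"')

if __name__ == "__main__":
    for name, line in (("weak", WEAK), ("hardened", HARDENED)):
        for code in lint_ldap_hba_line(line) or ["ok"]:
            print(f"{name}: {code}: {MESSAGES.get(code, 'no findings')}")
```

Run it against each `ldap` line before reloading the server; an empty result means none of these five conditions was found, not that the entry is otherwise correct.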