![]() One of your DCs needs to have the Active Directory Certificate Authority role installed and a certificate issued. passwordless login), since they already did that during OS sign in. Then they should be able to connect to the PostgreSQL instances without entering their passwords (a.k.a. Local users should log into the CentOS servers via AD/LDAP, too. Remote authentication must go through SSL. The user story is AD / LDAP based authentication for corporate users accessing the PostgreSQL instances (e.g. DC2 also serves as a certificate authority, which is necessary for SSL support. There are a couple domain controllers (DCs), such as dc1.ad. and dc2.ad. Since sAMAccountName is not globally unique, users authenticate with their e-mail addresses instead, e.g. ![]() The company’s domain name is, and the corresponding AD domain name is ad., as per best practices. They use CentOS 7 application servers, among them PostgreSQL. The scenario is the Foobar company with Active Directory as the directory service. First of all, I’d like to thank the crew of #postgresql and #centos on freenode for all the help, much appreciated!
0 Comments
Leave a Reply. |