Wednesday, November 02, 2011

Integrating Postgresql with LDAP + PAM

Integrating Postgresql with LDAP and PAM is very easy as this article will show. The only requirements are that you have already setup LDAP and PAM on your UNIX box.

Create a PAM configuration file for Postgresql, such as /etc/pam.d/postgresql90:

#%PAM-1.0
auth           required        pam_stack.so service=system-auth
account        required        pam_stack.so service=system-auth
session        required        pam_stack.so service=system-auth


Edit pg_hba.conf and add the following line, including the subnet of the client:

# TYPE  DATABASE        USER            CIDR-ADDRESS            METHOD
host    all             all             10.255.0.0/24         pam   pamservice=postgresql90



The pamservice method must reflect the name of the PAM configuration file for postgresql created earlier.

Finally edit postgresql.conf and set the 'listen_addresses' to the ip address of the postgresql server. One final last step to affect the changes is to reload the postgres configuration file like this:


pg_ctl reload
Post a Comment