Integrating Postgresql with LDAP + PAM

Integrating Postgresql with LDAP and PAM is very easy as this article will show. The only requirements are that you have already setup LDAP and PAM on your UNIX box.

Create a PAM configuration file for Postgresql, such as /etc/pam.d/postgresql90:

auth           required service=system-auth
account        required service=system-auth
session        required service=system-auth

Edit pg_hba.conf and add the following line, including the subnet of the client:

# TYPE  DATABASE        USER            CIDR-ADDRESS            METHOD
host    all             all            pam   pamservice=postgresql90

The pamservice method must reflect the name of the PAM configuration file for postgresql created earlier.

Finally edit postgresql.conf and set the 'listen_addresses' to the ip address of the postgresql server. One final last step to affect the changes is to reload the postgres configuration file like this:

pg_ctl reload

No comments: