Merged
30 changes: 26 additions & 4 deletions docs/ldap.md
@@ -1,7 +1,29 @@
# LDAP Authentication
# LDAP authentication

When a client application or a user that runs the client application connects to the database, it must identify themselves. The process of validating the client's identity and determining whether this client is permitted to access the database it has requested is called **authentication**.
Percona's PostgreSQL allows you to use LDAP, which uses a central authentication server for storing usernames, passwords and their resource permissions.

Percona Distribution for PortgreSQL supports several [authentication methods :octicons-link-external-16:](https://www.postgresql.org/docs/15/auth-methods.html), including the [LDAP authentication :octicons-link-external-16:](https://www.postgresql.org/docs/14/auth-ldap.html). The use of LDAP is to provide a central place for authentication - meaning the LDAP server stores usernames and passwords and their resource permissions.
The LDAP authentication method in Percona Distribution for PortgreSQL is functionally the same as upstream PostgreSQL, check the documentation [here :octicons-link-external-16:](https://www.postgresql.org/docs/{{pgversion}}/auth-ldap.html) for more information.

The LDAP authentication in Percona Distribution for PortgreSQL is implemented the same way as in upstream PostgreSQL.
## Set up LDAP authentication

Follow these steps to set up LDAP authentication for your PostgreSQL database.
{.power-number}

1. Add in the `pg_hba.conf` file (usually located in `/data/db/...`) the `ldap` authentication method. For example:

```ini
host all all 192.168.1.0/24 ldap ldapserver=ldap.example.com ldapport=389 ldapbinddn="cn=admin,dc=example,dc=com" ldapbindpasswd="password"
```

2. Add or modify the LDAP configuration parameters (`ldapbindpasswd`, `ldapbinddn`, and so on) in your `postgresql.conf` file.

!!! tip
You can directly add the parameters using the `ALTER SYSTEM` command in the psql command line. See a more in-depth list of LDAP configuration parameters [here :octicons-link-external-16:](https://www.postgresql.org/docs/{{pgversion}}/auth-ldap.html).

3. Restart your PostgreSQL service to apply the changes.

4. Connect to your database as a superuser and create the roles that correspond to groups or users in your LDAP directory.

5. Grant appropriate permissions to these roles using [standard SQL GRANT statements :octicons-link-external-16:](https://www.postgresql.org/docs/{{pgversion}}/sql-grant.html).

By following these steps, you have successfully integrated LDAP authentication into your environment.
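
Review bot: Step 2 and the tip under it tell the reader to put `ldapbindpasswd`, `ldapbinddn` and the other LDAP options into `postgresql.conf` or set them with `ALTER SYSTEM`, but these are options of the `ldap` method in `pg_hba.conf`, which is where step 1 already places them; they are not server configuration parameters, so the server will not accept them there. I would drop step 2 and the tip, or reword them to point back at the `pg_hba.conf` line. In the step 1 example, `ldapbinddn` and `ldapbindpasswd` are search+bind options, yet the line has no `ldapbasedn`, so as written it does not describe a complete search+bind setup; it also uses `ldapport=389` with neither `ldaptls=1` nor `ldapscheme=ldaps`, which means the bind password and every user's password cross the network in clear text. Showing the example with TLS enabled and a placeholder instead of `ldapbindpasswd="password"` would be a safer default for readers who copy it, along with a sentence that `pg_hba.conf` should be readable only by the postgres OS user because it now holds a directory credential. Step 3 asks for a restart, while a change to `pg_hba.conf` only needs a configuration reload. Minor: "PortgreSQL" in the second paragraph should be "PostgreSQL", and "check the documentation here" would read better with descriptive link text.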