
Can we use multiple OUs (organizational units) in Apache LDAP along with PostgreSQL?


I am new to Apache LDAP with PostgreSQL. Here I am using PostgreSQL v11 and Apache LDAP v2.0. I would like to know whether it supports multiple organizational unit (OU) configuration in PostgreSQL. If it does, please suggest how we can configure it.

Thanks in advance.


Solution

  • Bearing in mind that you need to make a 1-to-1 mapping of roles in Postgres to any external (LDAP-based) users, you can do the following:

    In psql:

    postgres=# create role ou1;
    CREATE ROLE
    postgres=# create role ou2;
    CREATE ROLE
    postgres=# create role user1 login in role ou1;  -- LOGIN is required; CREATE ROLE defaults to NOLOGIN
    CREATE ROLE
    postgres=# create role user2 login in role ou2;
    CREATE ROLE
    

    (Remember, roles are both groups and users -- just one term for both types)

    In pg_hba.conf:

    host   all         +ou1      0.0.0.0/0  ldap ldapserver=ldap-service ldapprefix="cn=" ldapsuffix=", ou=ou1, dc=example, dc=org" ldapport=389
    host   all         +ou2      0.0.0.0/0  ldap ldapserver=ldap-service ldapprefix="cn=" ldapsuffix=", ou=ou2, dc=example, dc=org" ldapport=389
    

    Disclosure: I work for EnterpriseDB (EDB)
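
The following is an added example, not part of the answer above or of PostgreSQL's code: a small Python model of how the two `pg_hba.conf` rules select a record by `+group` membership and build the simple-bind DN from `ldapprefix` + user name + `ldapsuffix`. It assumes every rule uses database `all` and address `0.0.0.0/0` as on this page, so it only matches on the user field; the function names and the `MEMBERS` table are hypothetical.

```python
import shlex

# Constructed input: the two pg_hba.conf rules from the answer above.
PG_HBA = """
host all +ou1 0.0.0.0/0 ldap ldapserver=ldap-service ldapprefix="cn=" ldapsuffix=", ou=ou1, dc=example, dc=org" ldapport=389
host all +ou2 0.0.0.0/0 ldap ldapserver=ldap-service ldapprefix="cn=" ldapsuffix=", ou=ou2, dc=example, dc=org" ldapport=389
"""
# Constructed role membership mirroring the CREATE ROLE statements.
MEMBERS = {"ou1": {"user1"}, "ou2": {"user2"}}

def parse_rules(text):
    """Parse host records into dicts; quoted option values may contain spaces."""
    rules = []
    for line in text.splitlines():
        fields = shlex.split(line, comments=True)
        if len(fields) < 5:
            continue  # blank line or comment
        _type, _db, user, _addr, method, *opts = fields
        rules.append({"user": user, "method": method,
                      "opts": dict(o.split("=", 1) for o in opts)})
    return rules

def user_matches(field, user, members):
    """A '+name' entry matches members of role 'name'."""
    for item in field.split(","):
        if item in ("all", user):
            return True
        if item.startswith("+") and user in members.get(item[1:], ()):
            return True
    return False

def resolve(rules, user, members):
    """Return (bind_dn, cleartext) from the FIRST matching rule, else None.

    PostgreSQL stops at the first matching record; there is no fall-through
    to a later rule if the LDAP bind fails.
    """
    for rule in rules:
        if not user_matches(rule["user"], user, members):
            continue
        if rule["method"] != "ldap":
            return None
        o = rule["opts"]
        dn = o.get("ldapprefix", "") + user + o.get("ldapsuffix", "")
        # Without ldaptls=1 or ldapscheme=ldaps the bind password crosses
        # the network to the LDAP server unencrypted.
        cleartext = o.get("ldaptls") != "1" and o.get("ldapscheme") != "ldaps"
        return dn, cleartext
    return None

if __name__ == "__main__":
    for name in ("user1", "user2", "user3"):
        print(name, resolve(parse_rules(PG_HBA), name, MEMBERS))
```

A role placed in both `ou1` and `ou2` always resolves through the first rule, so its LDAP entry must live under `ou=ou1` for the bind to succeed. The `cleartext` flag is true for both rules as written, because neither sets `ldaptls=1`.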