This works super well for syncing AD users and groups! We created a single AD group to migrate all of our users into Postgres roles, then we are assigning role-based permissions once their account exists in Postgres.
On Fri, Dec 22, 2023 at 5:17 PM Samed YILDIRIM <samed@reddoc.net> wrote:
Hi Jacob,
Please correct me if I'm wrong. What I understand from your mail is that you were told to install PostgreSQL on a virtual machine in Azure and integrate it with Active Directory. My wild guess is that the AD in this picture is probably Azure Active Directory, which does not have LDAP support out of the box.
My assumption is that if you asked this question, you expected to handle authentication and user management through Active Directory, such as creating a user on AD and granting access by making it a member of an AD group, then hoping the user to access the database :) If this is what you want, unfortunately, it does not work in that way :)
You can authenticate Postgres users via LDAP. But, that user should still have been created on Postgres too. I'm adding documentation below. Also, there is a tool for syncing roles. But, I have never used or tested it.
If you want to use Azure AD in this picture and you don't have Azure AD DS, the overall picture becomes way more complicated. The last time I tried this was 3 years ago. PostgreSQL did not have direct support for that. I believe it still does not. You will need to create your own solution. Or, you can use Azure Database for PostgreSQL :)