Password Synchronization with PostgreSQL Server
ADSelfService Plus’ Real-time Password Synchronizer helps ensure users have only one password between different applications to reduce password related issues. This means, every time a user resets or changes their Active Directory password, the new password will automatically be synced with the user’s PostgreSQL account.
Prerequisites:
-
Required privilege: PostgreSQL user account that is to be configured should either be a SUPERUSER or have CREATEROLE privileges.
-
ADSelfService Plus supports PostgreSQL versions 9.2 and above. If the PostgreSQL server with which we are to sync Active Directory passwords is installed in another machine, follow the step given below:
-
Edit the pg_hba.conf file (Location: C:\Program Files\PostgreSQL\9.x\data) by configuring the following attributes to specific values.
host <database_name> <user> <IP address> <authentication_type>
-
<database_name> (Enter the name of a database that you want to access in the PostgreSQL server)
-
<user> (Enter the name of the user to whom you want to provide access to the entered database)
-
<IP address> (Enter the IP address of the machine in which ADSelfService Plus is deployed)
-
<authentication_type> (Type ‘trust’ to provide unconditional access to the database or type 'MD5' if you want the user to enter password during the authentication process.)
Note:
- Use the tab key as the delimiter. If there are any other spaces other than a tab between the values, the configuration will not work.
- Install the Password Sync Agent to synchronize native password changes and resets.
Configuration steps
-
Log into ADSelfService Plus admin console with admin credentials.
-
Navigate to Configuration → Self-Service → Password Sync/ Single Sign On.
-
Select the PostgreSQL application.
Note:
You can also find PostgreSQL application that you need from the search bar located in the left pane or the alphabet wise navigation option in the right pane.
-
Enter the Application Name and Description.
-
In the Assign Policies field, select the policies for which password sync need to be enabled.
Note:ADSelfService Plus allows you to create OU and group-based policies for your AD domains. To create a policy, go to Configuration → Self-Service → Policy Configuration → Add New Policy.
-
Select Enable Password Sync.
-
Enter the System Name/IP Address of the server on which PostgreSQL Server instance is deployed.
-
Enter the name of the PostgreSQL Database for which the password sync is to be configured.
-
Enter the Port Number used by the PostgreSQL.
-
Enter the User Name and Password of the PostgreSQL user account.
-
Click Add Application.
Troubleshooting steps
Error: Connection refused or Invalid System Name or Port Number