You want LDAP users to log in with their LDAP passwords, but you don't want to create non-person accounts, such as application users, in LDAP. How do you integrate both in PostgreSQL login authentication?
In pg_hba.conf, add two lines: one for local account authentication and another for LDAP account authentication.
host all @pgusers all scram-sha-256   # or md5
host all all 0.0.0.0/0 ldap ldapserver=directory.***.com ldapsearchattribute="***" ldapbasedn="ou=people,o=***.com"
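Keep this order: the line for non-LDAP users first, then the line for LDAP users. PostgreSQL uses the first line that matches a connection, so with the LDAP line first, the local accounts would be sent to LDAP as well.
pgusers is the users file for non-LDAP users. It can be located anywhere on the PostgreSQL server. Write the full path and add the @ prefix.
When you add a non-LDAP user in PostgreSQL, add that username to the pgusers file and reload the configuration without restarting the database: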
From the command-line shell
su - postgres
/usr/bin/pg_ctl reload
Or using SQL
SELECT pg_reload_conf();
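
The ordering rule above, as an added example that is not part of the original post: a simplified Python model of the first-match lookup that shows which method a user gets with the two lines in either order. The file path, user names and LDAP host are constructed placeholders, and only the user column is evaluated.

```python
# Simplified model of pg_hba.conf first-match lookup: only the user column
# is evaluated; connection type, database and address are assumed to match.
# Constructed sample data: file path, user names and LDAP host are assumptions.
USER_FILES = {
    "/etc/postgresql/pgusers": "app_reporting\napp_etl, app_backup  # batch jobs\n",
}

LOCAL = "host all @/etc/postgresql/pgusers all scram-sha-256"
LDAP = ('host all all 0.0.0.0/0 ldap ldapserver=ldap.example.test '
        'ldapsearchattribute=uid ldapbasedn="ou=people,o=example.test"')


def load_user_file(path):
    """Names in an @file are separated by commas or whitespace; # starts a comment."""
    names = set()
    for line in USER_FILES[path].splitlines():
        names.update(line.split("#", 1)[0].replace(",", " ").split())
    return names


def user_matches(field, user):
    """Match one pg_hba.conf user field: 'all', a name, or an @file reference."""
    for item in field.split(","):
        if item == "all" or item == user:
            return True
        if item.startswith("@") and user in load_user_file(item[1:]):
            return True
    return False


def auth_method(hba_lines, user):
    """Return the method of the first record whose user field matches."""
    for line in hba_lines:
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 5 and user_matches(fields[2], user):
            return fields[4]
    return None  # no record matched: the connection is rejected


if __name__ == "__main__":
    for order in ([LOCAL, LDAP], [LDAP, LOCAL]):
        for user in ("app_etl", "alice"):
            print(order[0].split()[4], "first:", user, "->", auth_method(order, user))
```

With the LDAP line first, app_etl resolves to ldap and can no longer log in with its local password, because no such account exists in the directory.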