Re: LDAP Configuration for Postgres authenticating against AD - Mailing list pgsql-general

From Craig Ringer
Subject Re: LDAP Configuration for Postgres authenticating against AD
Date
Msg-id 1249438667.3465.5.camel@wallace.localnet
Whole thread Raw
In response to LDAP Configuration for Postgres authenticating against AD  (Richard Esmonde <richard.esmonde@archimedesmodel.com>)
List pgsql-general
On Tue, 2009-08-04 at 21:41 -0400, Richard Esmonde wrote:

> Three days into this I am none the wiser - I’m exhausting Google
> servers.  Can anyone tell me what I have forgotten to do or have
> overlooked in getting this setup correctly?  To my mind it’s behaving
> as though it’s not honoring anything I have put in the pg_hba.conf for
> Remote TCP/IP connections.  I have to be missing something super
> simple…..  a postgres-ldap add-on for Postgres on Ubuntu perhaps?

On my Ubuntu 9.04 system `postmaster' links directly to libldap, and
appears to support LDAP authentication. I don't see any additional auth
modules in the respository. So, no, I doubt you need anything extra.

Are you sure your posted pg_hba.conf was right? You had:

host  all     all     10.5.5.0 255.255.255.0  password
host  all     all     10.5.5.0 255.255.255.0   ldap "ldap://master1.
belfry.lan:389/ou=Belfry
Users,ou=programmers;dc=belfry,dc=lan;cn=*;BELFRY\"


... so you wouldn't even be trying LDAP authentication. Any user trying
to connect to any DB from the 10.5.5.0/24 range would be expected to use
password auth. The LDAP auth line can never match.

Maybe instead of "all" users for password auth you wanted to (eg) only
require password auth for the "postgres" user?


If that's not the issue: Try watching for LDAP traffic with wireshark;
see if there's any communication. Also, use `ldapsearch' from the host
running Pg to query AD, make sure that works.

--
Craig Ringer


pgsql-general by date:

Previous
From: Kevin Kempter
Date:
Subject: Re: LDAP Configuration for Postgres authenticating against AD
Next
From: Steve Atkins
Date:
Subject: Re: LDAP Configuration for Postgres authenticating against AD