Re: LDAP Configuration for Postgres authenticating against AD - Mailing list pgsql-general

From Kevin Kempter
Subject Re: LDAP Configuration for Postgres authenticating against AD
Date
Msg-id 200908042001.00558.kevink@consistentstate.com
In response to LDAP Configuration for Postgres authenticating against AD  (Richard Esmonde <richard.esmonde@archimedesmodel.com>)
List pgsql-general
On Tuesday 04 August 2009 19:41:57 Richard Esmonde wrote:
> Hi,
>
>
>
> I'm new to Postgres (so go easy on my naivety).  I am trying to configure
> the postgres host based configuration file to permit users to authenticate
> against our Active Directory.
>
> Needless to say both Ubuntu server and AD are in the same Domain.
>
>
>
> - I am running PostgreSQL v8.3.7 on a 64-bit Ubuntu Hardy Heron
>   Dell server with Apache 2.
>
> - I am not running SSL.
>
> - This work is happening on a LAN.  My AD server=master1 and the
>   LAN=belfry.lan
>
> - I installed Postgres as follows:
>
>   # sudo apt-get install postgresql-8.3 postgresql-client-8.3 postgresql-client-common postgresql-common
>
>
>
> It runs just fine and I can create databases users and tables with no
> problems.
>
>
>
> Currently, the end of my pg_hba.conf file looks like:
>
> ============================================
>
> # IPv4 local connections:
>
> host    all         all         127.0.0.1/32          md5
>
> host    all     all     10.5.5.0 255.255.255.0  password
>
>
>
> # IPv6 local connections:
>
> host    all         all         ::1/128               md5
>
>
>
> # Remote TCP/IP connection
>
> #host   all     postgres        127.0.0.1/32    password
>
> # host  all     all             10.5.5.0/16    ldap
> "ldap://master1:389/dc=belfry,dc=lan;BELFRY\"
>
> # host  all     all             10.5.5.0 255.255.255.0  ldap
> "ldap://master1:389/dc=belfry,dc=lan;BELFRY\"
>
>
>
> host  all     all             10.5.5.0 255.255.255.0   ldap
> "ldap://master1. belfry.lan:389/ou=Belfry
> Users,ou=programmers;dc=belfry,dc=lan;cn=*;BELFRY\"
>
>
>
>
>
> =============================================
>
>
>
> Each time I change it I stop and start Postgres.
>
>
>
> I created a testuser and a test database.  The user, testuser, exists in my
> Active Directory with a different password.  I can connect as testuser to
> the DB via command line or via pgAdmin III with the postgres password for
> testuser.  When I try to connect using the user's LDAP password I always
> get:
>
>
>
> - psql: FATAL:  password authentication failed for user testuser
>
>
>
> Three days into this I am none the wiser - I'm exhausting Google servers.
> Can anyone tell me what I have forgotten to do or have overlooked in
> getting this setup correctly?  To my mind it's behaving as though it's not
> honoring anything I have put in the pg_hba.conf for Remote TCP/IP
> connections.  I have to be missing something super simple...  a
> postgres-ldap add-on for Postgres on Ubuntu perhaps?
>
>
>
> I set connections to debug2 in the logs.  Debug5 was giving me hundreds of
> lines of "blah".  Tail  of logs now looks like:
>
> =============================================
>
>
>
> 2009-08-04 16:49:15 PDT DEBUG:  proc_exit(0)
>
> 2009-08-04 16:49:15 PDT DEBUG:  shmem_exit(0)
>
> 2009-08-04 16:49:15 PDT DEBUG:  exit(0)
>
> 2009-08-04 16:49:15 PDT DEBUG:  server process (PID 8637) exited with exit
> code 0
>
> 2009-08-04 16:49:24 PDT LOG:  incomplete startup packet
>
> 2009-08-04 16:49:24 PDT DEBUG:  proc_exit(0)
>
> 2009-08-04 16:49:24 PDT DEBUG:  shmem_exit(0)
>
> 2009-08-04 16:49:24 PDT DEBUG:  exit(0)
>
> 2009-08-04 16:49:24 PDT DEBUG:  forked new backend, pid=8646 socket=9
>
> 2009-08-04 16:49:24 PDT DEBUG:  server process (PID 8646) exited with exit
> code 0
>
> 2009-08-04 16:49:24 PDT DEBUG:  postmaster received signal 2
>
> 2009-08-04 16:49:24 PDT LOG:  received fast shutdown request
>
> 2009-08-04 16:49:24 PDT LOG:  aborting any active transactions
>
> 2009-08-04 16:49:24 PDT LOG:  autovacuum launcher shutting down
>
> 2009-08-04 16:49:24 PDT DEBUG:  proc_exit(0)
>
> 2009-08-04 16:49:24 PDT DEBUG:  shmem_exit(0)
>
> 2009-08-04 16:49:24 PDT DEBUG:  exit(0)
>
> 2009-08-04 16:49:24 PDT DEBUG:  proc_exit(0)
>
> 2009-08-04 16:49:24 PDT DEBUG:  shmem_exit(0)
>
> 2009-08-04 16:49:24 PDT DEBUG:  exit(0)
>
> 2009-08-04 16:49:24 PDT LOG:  shutting down
>
> 2009-08-04 16:49:24 PDT LOG:  database system is shut down
>
> 2009-08-04 16:49:24 PDT DEBUG:  proc_exit(0)
>
> 2009-08-04 16:49:24 PDT DEBUG:  shmem_exit(0)
>
> 2009-08-04 16:49:24 PDT DEBUG:  exit(0)
>
> 2009-08-04 16:49:24 PDT DEBUG:  proc_exit(0)
>
> 2009-08-04 16:49:24 PDT DEBUG:  shmem_exit(0)
>
> 2009-08-04 16:49:24 PDT DEBUG:  exit(0)
>
> 2009-08-04 23:53:23 GMT DEBUG:  postgres: PostmasterMain: initial environ
> dump:
>
> 2009-08-04 23:53:23 GMT DEBUG:  -----------------------------------------
>
> 2009-08-04 23:53:23 GMT DEBUG:          LC_CTYPE=en_US.UTF-8
>
> 2009-08-04 23:53:23 GMT DEBUG:          PGSYSCONFDIR=/etc/postgresql-common
>
> 2009-08-04 23:53:23 GMT DEBUG:          PGLOCALEDIR=/usr/share/locale
>
> 2009-08-04 23:53:23 GMT DEBUG:          PWD=/var/lib/postgresql
>
> 2009-08-04 23:53:23 GMT DEBUG:          PGDATA=/var/lib/postgresql/8.3/main
>
> 2009-08-04 23:53:23 GMT DEBUG:          LC_COLLATE=C
>
> 2009-08-04 23:53:23 GMT DEBUG:          LC_MESSAGES=en_US.UTF-8
>
> 2009-08-04 23:53:23 GMT DEBUG:          LC_MONETARY=C
>
> 2009-08-04 23:53:23 GMT DEBUG:          LC_NUMERIC=C
>
> 2009-08-04 23:53:23 GMT DEBUG:          LC_TIME=C
>
> 2009-08-04 23:53:23 GMT DEBUG:  -----------------------------------------
>
> 2009-08-04 16:53:23 PDT LOG:  could not load root certificate file
> "root.crt": no SSL error reported
>
> 2009-08-04 16:53:23 PDT DETAIL:  Will not verify client certificates.
>
> 2009-08-04 16:53:23 PDT DEBUG:  invoking IpcMemoryCreate(size=30384128)
>
> 2009-08-04 16:53:23 PDT DEBUG:  max_safe_fds = 981, usable_fds = 1000,
> already_open = 9
>
> 2009-08-04 17:01:09 PDT LOG:  could not load root certificate file
> "root.crt": no SSL error reported
>
> 2009-08-04 17:01:09 PDT DETAIL:  Will not verify client certificates.
>
> 2009-08-04 17:01:09 PDT DEBUG:  max_safe_fds = 981, usable_fds = 1000,
> already_open = 9
>
> =============================================
>
>
>
>
>
> Thanks in advance to any and all who have a clue more than I,
>
>
>
> Rich



Did you reference this when you set this up?

http://wiki.postgresql.org/wiki/LDAP_Authentication_against_AD

If not, maybe there's some help here...
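
Added example, not part of the original thread or of PostgreSQL: pg_hba.conf records are checked in file order, and the first record that matches connection type, client address, database and user decides the authentication method, with no fall-through to later records. This Python sketch parses the active `host` records quoted above and reports which one a LAN client hits. The client address 10.5.5.20 and the database name `testdb` are constructed, the LDAP URL is abbreviated, and only `all` or literal database/user names are handled.

```python
import ipaddress

# Active host records from the quoted pg_hba.conf, in file order. The LDAP
# URL is abbreviated ("ldap://..."); only address and method matter here.
HBA_TEXT = """\
host    all         all         127.0.0.1/32          md5
host    all     all     10.5.5.0 255.255.255.0  password
host    all         all         ::1/128               md5
host  all     all             10.5.5.0 255.255.255.0   ldap "ldap://..."
"""

def parse_hba(text):
    """Parse host/hostssl/hostnossl records (CIDR or address + netmask form)."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields or fields[0] not in ("host", "hostssl", "hostnossl"):
            continue
        if "/" in fields[3]:
            net, rest = fields[3], fields[4:]
        else:
            net, rest = f"{fields[3]}/{fields[4]}", fields[5:]
        rules.append({"line": lineno, "db": fields[1], "user": fields[2],
                      "net": ipaddress.ip_network(net, strict=False),
                      "method": rest[0]})
    return rules

def covers(earlier, later_value):
    """True if an earlier database/user field also matches the later value."""
    return earlier == "all" or earlier == later_value

def first_match(rules, db, user, addr):
    """Return the record the server would use: first match, no fall-through."""
    ip = ipaddress.ip_address(addr)
    for r in rules:
        if covers(r["db"], db) and covers(r["user"], user) and ip in r["net"]:
            return r
    return None

def shadowed(rules):
    """Return (later_line, earlier_line) pairs where the later record is unreachable."""
    out = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (earlier["net"].version == later["net"].version
                    and later["net"].subnet_of(earlier["net"])
                    and covers(earlier["db"], later["db"])
                    and covers(earlier["user"], later["user"])):
                out.append((later["line"], earlier["line"]))
                break
    return out
```

Line numbers in the result refer to lines of `HBA_TEXT`, not of the poster's full file.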
