Thread: LDAP configuration problem

LDAP configuration problem

From
"Wenjian Yang"
Date:
Hi,

I've just installed 8.2.0 from rpms on FC6 i386 and wanted to try out the built-in LDAP support.

The following LDAP authentication was added to "pg_hba.conf"

host  all  all  0.0.0.0  0.0.0.0  ldap://dc.domain.com/dc=domain,dc=com/DOMAIN\

However when trying to connect from another machine, it gave the error "FATAL: missing or erroneous pg_hba.conf file".

Looking at the server log, the comma in "dc=domain,dc=com" has become ^A while all the other characters are intact.

Does this have to do with some other packages or I specified the the line wrong? Thanks in advance.

Wenjian

Re: LDAP configuration problem

From
Magnus Hagander
Date:
Wenjian Yang wrote:
> Hi,
>
> I've just installed 8.2.0 from rpms on FC6 i386 and wanted to try out
> the built-in LDAP support.
>
> The following LDAP authentication was added to "pg_hba.conf"
>
> host  all  all  0.0.0.0 <http://0.0.0.0>  0.0.0.0 <http://0.0.0.0>
> ldap://dc.domain.com/dc=domain,dc=com/DOMAIN\
>
> However when trying to connect from another machine, it gave the error
> "FATAL: missing or erroneous pg_hba.conf file".
>
> Looking at the server log, the comma in "dc=domain,dc=com" has become ^A
> while all the other characters are intact.
>
> Does this have to do with some other packages or I specified the the
> line wrong? Thanks in advance.


The first thing you've done wrong is not actually include the log lines
that had something to do with it. What are those server log lines?

Anyway, I beleive you should write:
host all all 0.0.0.0 0.0.0.0 ldap
ldap://dc.domain.com/dc=domain,dc=com/DOMAIN\


//Magnus

Re: LDAP configuration problem

From
"Wenjian Yang"
Date:

Sorry, below are the lines in the log file:

LOG:  invalid entry in file "/pub/pgsql/data/pg_hba.conf" at line 78, token "ldap://dc.domain.com/dc=domain^Adc=com;DOMAIN\"
FATAL:  missing or erroneous pg_hba.conf file
HINT:  See server log for details.

And the pg_hba.conf line 78, is

host  all  all  0.0.0.0   0.0.0.0 ldap://dc.domain.com/dc=domain,dc=com/DOMAIN\

Since the previous email, I had the same problem on another FC6 x86_64 box.

Thanks.

Wenjian

On 12/29/06, Magnus Hagander <magnus@hagander.net> wrote:
Wenjian Yang wrote:
> Hi,
>
> I've just installed 8.2.0 from rpms on FC6 i386 and wanted to try out
> the built-in LDAP support.
>
> The following LDAP authentication was added to "pg_hba.conf"
>
> host  all  all  0.0.0.0 <http://0.0.0.0>  0.0.0.0 <http://0.0.0.0>
> ldap://dc.domain.com/dc=domain,dc=com/DOMAIN\
>
> However when trying to connect from another machine, it gave the error
> "FATAL: missing or erroneous pg_hba.conf file".
>
> Looking at the server log, the comma in "dc=domain,dc=com" has become ^A
> while all the other characters are intact.
>
> Does this have to do with some other packages or I specified the the
> line wrong? Thanks in advance.


The first thing you've done wrong is not actually include the log lines
that had something to do with it. What are those server log lines?

Anyway, I beleive you should write:
host all all 0.0.0.0 0.0.0.0 ldap
ldap://dc.domain.com/dc=domain,dc=com/DOMAIN\


//Magnus

Re: LDAP configuration problem

From
Magnus Hagander
Date:
Wenjian Yang wrote:
>
> Sorry, below are the lines in the log file:
>
> LOG:  invalid entry in file "/pub/pgsql/data/pg_hba.conf" at line 78,
> token "ldap://dc.domain.com/dc=domain^Adc=com;DOMAIN\"
> FATAL:  missing or erroneous pg_hba.conf file
> HINT:  See server log for details.
>
> And the pg_hba.conf line 78, is
>
> host  all  all  0.0.0.0 <http://0.0.0.0/>   0.0.0.0 <http://0.0.0.0/>
> ldap://dc.domain.com/dc=domain,dc=com/DOMAIN\
>
> Since the previous email, I had the same problem on another FC6 x86_64 box.

What does the message show if you change the line per my suggestion
below? (note the extra ldap token)

//Magnus


> On 12/29/06, *Magnus Hagander* <magnus@hagander.net
> <mailto:magnus@hagander.net>> wrote:
>
>     Wenjian Yang wrote:
>     > Hi,
>     >
>     > I've just installed 8.2.0 from rpms on FC6 i386 and wanted to try out
>     > the built-in LDAP support.
>     >
>     > The following LDAP authentication was added to "pg_hba.conf"
>     >
>     > host  all  all  0.0.0.0 <http://0.0.0.0> <http://0.0.0.0>  0.0.0.0
>     <http://0.0.0.0> <http://0.0.0.0>
>     > ldap://dc.domain.com/dc=domain,dc=com/DOMAIN\
>     >
>     > However when trying to connect from another machine, it gave the error
>     > "FATAL: missing or erroneous pg_hba.conf file".
>     >
>     > Looking at the server log, the comma in "dc=domain,dc=com" has
>     become ^A
>     > while all the other characters are intact.
>     >
>     > Does this have to do with some other packages or I specified the the
>     > line wrong? Thanks in advance.
>
>
>     The first thing you've done wrong is not actually include the log lines
>     that had something to do with it. What are those server log lines?
>
>     Anyway, I beleive you should write:
>     host all all 0.0.0.0 <http://0.0.0.0> 0.0.0.0 <http://0.0.0.0> ldap
>     ldap://dc.domain.com/dc=domain,dc=com/DOMAIN\
>
>
>     //Magnus
>
>


Re: LDAP configuration problem

From
"Wenjian Yang"
Date:

Magnus,

You are absolutely correct. Sorry that I didn't see the last line since GMAIL hid it for me.

The rpms for Fedora 6 from www.postgresql.com don't seem to have the LDAP support built-in, it shows that

invalid entry in file "/pub/pgsql/data/pg_hba.conf" at line 79, token "ldap"

But after download the source, recompile with "--with-ldap", it worked perfectly. I wonder if this could be built in the rpm as the default in the future.

Thanks and happy new year.

Wenjian


On 12/29/06, Magnus Hagander <magnus@hagander.net> wrote:
Wenjian Yang wrote:
>
> Sorry, below are the lines in the log file:
>
> LOG:  invalid entry in file "/pub/pgsql/data/pg_hba.conf" at line 78,
> token "ldap://dc.domain.com/dc=domain^Adc=com;DOMAIN\"
> FATAL:  missing or erroneous pg_hba.conf file
> HINT:  See server log for details.
>
> And the pg_hba.conf line 78, is
>
> host  all  all  0.0.0.0 <http://0.0.0.0/>   0.0.0.0 < http://0.0.0.0/>
> ldap://dc.domain.com/dc=domain,dc=com/DOMAIN\
>
> Since the previous email, I had the same problem on another FC6 x86_64 box.

What does the message show if you change the line per my suggestion
below? (note the extra ldap token)

//Magnus


> On 12/29/06, *Magnus Hagander* <magnus@hagander.net
> <mailto: magnus@hagander.net>> wrote:
>
>     Wenjian Yang wrote:
>     > Hi,
>     >
>     > I've just installed 8.2.0 from rpms on FC6 i386 and wanted to try out
>     > the built-in LDAP support.
>     >
>     > The following LDAP authentication was added to "pg_hba.conf"
>     >
>     > host  all  all  0.0.0.0 < http://0.0.0.0> <http://0.0.0.0>  0.0.0.0
>     <http://0.0.0.0> <http://0.0.0.0 >
>     > ldap://dc.domain.com/dc=domain,dc=com/DOMAIN\
>     >
>     > However when trying to connect from another machine, it gave the error
>     > "FATAL: missing or erroneous pg_hba.conf file".
>     >
>     > Looking at the server log, the comma in "dc=domain,dc=com" has
>     become ^A
>     > while all the other characters are intact.
>     >
>     > Does this have to do with some other packages or I specified the the
>     > line wrong? Thanks in advance.
>
>
>     The first thing you've done wrong is not actually include the log lines
>     that had something to do with it. What are those server log lines?
>
>     Anyway, I beleive you should write:
>     host all all 0.0.0.0 <http://0.0.0.0> 0.0.0.0 < http://0.0.0.0> ldap
>     ldap://dc.domain.com/dc=domain,dc=com/DOMAIN\
>
>
>     //Magnus
>
>


Re: LDAP configuration problem

From
"Joshua D. Drake"
Date:
>
> The rpms for Fedora 6 from www.postgresql.com don't seem to have the
> LDAP support built-in, it shows that



Hmmm... that isn't good. Although, do we want to -require- ldap?

Joshua D. Drake


>
> invalid entry in file "/pub/pgsql/data/pg_hba.conf" at line 79, token
> "ldap"
>
> But after download the source, recompile with "--with-ldap", it worked
> perfectly. I wonder if this could be built in the rpm as the default
> in the future.
>
> Thanks and happy new year.
>
> Wenjian
>
>
> On 12/29/06, Magnus Hagander <magnus@hagander.net> wrote:
>         Wenjian Yang wrote:
>         >
>         > Sorry, below are the lines in the log file:
>         >
>         > LOG:  invalid entry in file "/pub/pgsql/data/pg_hba.conf" at
>         line 78,
>         > token "ldap://dc.domain.com/dc=domain^Adc=com;DOMAIN\"
>         > FATAL:  missing or erroneous pg_hba.conf file
>         > HINT:  See server log for details.
>         >
>         > And the pg_hba.conf line 78, is
>         >
>         > host  all  all  0.0.0.0 <http://0.0.0.0/>   0.0.0.0
>         <http://0.0.0.0/>
>         > ldap://dc.domain.com/dc=domain,dc=com/DOMAIN\
>         >
>         > Since the previous email, I had the same problem on another
>         FC6 x86_64 box.
>
>         What does the message show if you change the line per my
>         suggestion
>         below? (note the extra ldap token)
>
>         //Magnus
>
>
>         > On 12/29/06, *Magnus Hagander* <magnus@hagander.net
>         > <mailto:magnus@hagander.net>> wrote:
>         >
>         >     Wenjian Yang wrote:
>         >     > Hi,
>         >     >
>         >     > I've just installed 8.2.0 from rpms on FC6 i386 and
>         wanted to try out
>         >     > the built-in LDAP support.
>         >     >
>         >     > The following LDAP authentication was added to
>         "pg_hba.conf"
>         >     >
>         >     > host  all  all  0.0.0.0 <http://0.0.0.0>
>         <http://0.0.0.0>  0.0.0.0
>         >     <http://0.0.0.0> <http://0.0.0.0 >
>         >     > ldap://dc.domain.com/dc=domain,dc=com/DOMAIN\
>         >     >
>         >     > However when trying to connect from another machine,
>         it gave the error
>         >     > "FATAL: missing or erroneous pg_hba.conf file".
>         >     >
>         >     > Looking at the server log, the comma in
>         "dc=domain,dc=com" has
>         >     become ^A
>         >     > while all the other characters are intact.
>         >     >
>         >     > Does this have to do with some other packages or I
>         specified the the
>         >     > line wrong? Thanks in advance.
>         >
>         >
>         >     The first thing you've done wrong is not actually
>         include the log lines
>         >     that had something to do with it. What are those server
>         log lines?
>         >
>         >     Anyway, I beleive you should write:
>         >     host all all 0.0.0.0 <http://0.0.0.0> 0.0.0.0
>         <http://0.0.0.0> ldap
>         >     ldap://dc.domain.com/dc=domain,dc=com/DOMAIN\
>         >
>         >
>         >     //Magnus
>         >
>         >
>
>
--

      === The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564 || 24x7/Emergency: +1.800.492.2240
Providing the most comprehensive  PostgreSQL solutions since 1997
             http://www.commandprompt.com/

Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate