Thread: LDAP configuration problem

Hi,

I've just installed 8.2.0 from rpms on FC6 i386 and wanted to try out the built-in LDAP support.

The following LDAP authentication was added to "pg_hba.conf"

host  all  all  0.0.0.0  0.0.0.0  ldap://dc.domain.com/dc=domain,dc=com/DOMAIN\

However when trying to connect from another machine, it gave the error "FATAL: missing or erroneous pg_hba.conf file".

Looking at the server log, the comma in "dc=domain,dc=com" has become ^A while all the other characters are intact.

Does this have to do with some other packages or I specified the the line wrong? Thanks in advance.

Wenjian

Wenjian Yang wrote:
> Hi,
>
> I've just installed 8.2.0 from rpms on FC6 i386 and wanted to try out
> the built-in LDAP support.
>
> The following LDAP authentication was added to "pg_hba.conf"
>
> host  all  all  0.0.0.0 <http://0.0.0.0>  0.0.0.0 <http://0.0.0.0>
> ldap://dc.domain.com/dc=domain,dc=com/DOMAIN\
>
> However when trying to connect from another machine, it gave the error
> "FATAL: missing or erroneous pg_hba.conf file".
>
> Looking at the server log, the comma in "dc=domain,dc=com" has become ^A
> while all the other characters are intact.
>
> Does this have to do with some other packages or I specified the the
> line wrong? Thanks in advance.


The first thing you've done wrong is not actually include the log lines
that had something to do with it. What are those server log lines?

Anyway, I beleive you should write:
host all all 0.0.0.0 0.0.0.0 ldap
ldap://dc.domain.com/dc=domain,dc=com/DOMAIN\


//Magnus

Sorry, below are the lines in the log file:

LOG:  invalid entry in file "/pub/pgsql/data/pg_hba.conf" at line 78, token "ldap://dc.domain.com/dc=domain^Adc=com;DOMAIN\"
FATAL:  missing or erroneous pg_hba.conf file
HINT:  See server log for details.

And the pg_hba.conf line 78, is

host  all  all  0.0.0.0   0.0.0.0 ldap://dc.domain.com/dc=domain,dc=com/DOMAIN\

Since the previous email, I had the same problem on another FC6 x86_64 box.

Thanks.

Wenjian

Wenjian Yang wrote:
>
> Sorry, below are the lines in the log file:
>
> LOG:  invalid entry in file "/pub/pgsql/data/pg_hba.conf" at line 78,
> token "ldap://dc.domain.com/dc=domain^Adc=com;DOMAIN\"
> FATAL:  missing or erroneous pg_hba.conf file
> HINT:  See server log for details.
>
> And the pg_hba.conf line 78, is
>
> host  all  all  0.0.0.0 <http://0.0.0.0/>   0.0.0.0 <http://0.0.0.0/>
> ldap://dc.domain.com/dc=domain,dc=com/DOMAIN\
>
> Since the previous email, I had the same problem on another FC6 x86_64 box.

What does the message show if you change the line per my suggestion
below? (note the extra ldap token)

//Magnus


> On 12/29/06, *Magnus Hagander* <magnus@hagander.net
> <mailto:magnus@hagander.net>> wrote:
>
>     Wenjian Yang wrote:
>     > Hi,
>     >
>     > I've just installed 8.2.0 from rpms on FC6 i386 and wanted to try out
>     > the built-in LDAP support.
>     >
>     > The following LDAP authentication was added to "pg_hba.conf"
>     >
>     > host  all  all  0.0.0.0 <http://0.0.0.0> <http://0.0.0.0>  0.0.0.0
>     <http://0.0.0.0> <http://0.0.0.0>
>     > ldap://dc.domain.com/dc=domain,dc=com/DOMAIN\
>     >
>     > However when trying to connect from another machine, it gave the error
>     > "FATAL: missing or erroneous pg_hba.conf file".
>     >
>     > Looking at the server log, the comma in "dc=domain,dc=com" has
>     become ^A
>     > while all the other characters are intact.
>     >
>     > Does this have to do with some other packages or I specified the the
>     > line wrong? Thanks in advance.
>
>
>     The first thing you've done wrong is not actually include the log lines
>     that had something to do with it. What are those server log lines?
>
>     Anyway, I beleive you should write:
>     host all all 0.0.0.0 <http://0.0.0.0> 0.0.0.0 <http://0.0.0.0> ldap
>     ldap://dc.domain.com/dc=domain,dc=com/DOMAIN\
>
>
>     //Magnus
>
>

Magnus,

You are absolutely correct. Sorry that I didn't see the last line since GMAIL hid it for me.

The rpms for Fedora 6 from www.postgresql.com don't seem to have the LDAP support built-in, it shows that

invalid entry in file "/pub/pgsql/data/pg_hba.conf" at line 79, token "ldap"

But after download the source, recompile with "--with-ldap", it worked perfectly. I wonder if this could be built in the rpm as the default in the future.

Thanks and happy new year.

Wenjian

>
> The rpms for Fedora 6 from www.postgresql.com don't seem to have the
> LDAP support built-in, it shows that



Hmmm... that isn't good. Although, do we want to -require- ldap?

Joshua D. Drake


>
> invalid entry in file "/pub/pgsql/data/pg_hba.conf" at line 79, token
> "ldap"
>
> But after download the source, recompile with "--with-ldap", it worked
> perfectly. I wonder if this could be built in the rpm as the default
> in the future.
>
> Thanks and happy new year.
>
> Wenjian
>
>
> On 12/29/06, Magnus Hagander <magnus@hagander.net> wrote:
>         Wenjian Yang wrote:
>         >
>         > Sorry, below are the lines in the log file:
>         >
>         > LOG:  invalid entry in file "/pub/pgsql/data/pg_hba.conf" at
>         line 78,
>         > token "ldap://dc.domain.com/dc=domain^Adc=com;DOMAIN\"
>         > FATAL:  missing or erroneous pg_hba.conf file
>         > HINT:  See server log for details.
>         >
>         > And the pg_hba.conf line 78, is
>         >
>         > host  all  all  0.0.0.0 <http://0.0.0.0/>   0.0.0.0
>         <http://0.0.0.0/>
>         > ldap://dc.domain.com/dc=domain,dc=com/DOMAIN\
>         >
>         > Since the previous email, I had the same problem on another
>         FC6 x86_64 box.
>
>         What does the message show if you change the line per my
>         suggestion
>         below? (note the extra ldap token)
>
>         //Magnus
>
>
>         > On 12/29/06, *Magnus Hagander* <magnus@hagander.net
>         > <mailto:magnus@hagander.net>> wrote:
>         >
>         >     Wenjian Yang wrote:
>         >     > Hi,
>         >     >
>         >     > I've just installed 8.2.0 from rpms on FC6 i386 and
>         wanted to try out
>         >     > the built-in LDAP support.
>         >     >
>         >     > The following LDAP authentication was added to
>         "pg_hba.conf"
>         >     >
>         >     > host  all  all  0.0.0.0 <http://0.0.0.0>
>         <http://0.0.0.0>  0.0.0.0
>         >     <http://0.0.0.0> <http://0.0.0.0 >
>         >     > ldap://dc.domain.com/dc=domain,dc=com/DOMAIN\
>         >     >
>         >     > However when trying to connect from another machine,
>         it gave the error
>         >     > "FATAL: missing or erroneous pg_hba.conf file".
>         >     >
>         >     > Looking at the server log, the comma in
>         "dc=domain,dc=com" has
>         >     become ^A
>         >     > while all the other characters are intact.
>         >     >
>         >     > Does this have to do with some other packages or I
>         specified the the
>         >     > line wrong? Thanks in advance.
>         >
>         >
>         >     The first thing you've done wrong is not actually
>         include the log lines
>         >     that had something to do with it. What are those server
>         log lines?
>         >
>         >     Anyway, I beleive you should write:
>         >     host all all 0.0.0.0 <http://0.0.0.0> 0.0.0.0
>         <http://0.0.0.0> ldap
>         >     ldap://dc.domain.com/dc=domain,dc=com/DOMAIN\
>         >
>         >
>         >     //Magnus
>         >
>         >
>
>
--

      === The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564 || 24x7/Emergency: +1.800.492.2240
Providing the most comprehensive  PostgreSQL solutions since 1997
             http://www.commandprompt.com/

Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate