Thread: pg_hba LDAP Authentication syntax
Howdy, I was hoping someone could help me with ye olde ldap authentication syntax. I'm currently using PG 8.3.9 and an upgrade is not an option. Now, that being said, since i'm very new to LDAP i decided to use PG 9 to experiment with since it looks like it has an easier syntax. So what i've got working in PG9 is the following: <hba stuff> ldap ldapserver=w.x.y.z ldapbinddn="cn=admin,dc=domain,dc=com" ldapbindpasswd="password" ldapbasedn="ou=postgresql,dc=domain,dc=com" I'm trying to translate that to the old syntax of: <hba stuff> ldap "ldap://w.x.y.z/ou=postgresql,dc=domain,dc=com;<stuff>" basically, i don't know how to fit cn=admin and ldapbindpassword into that string. Thanks Dave
On Thu, Nov 4, 2010 at 13:54, David Kerr <dmk@mr-paradox.net> wrote: > Howdy, > > I was hoping someone could help me with ye olde ldap authentication syntax. > > I'm currently using PG 8.3.9 and an upgrade is not an option. > > Now, that being said, since i'm very new to LDAP i decided to use PG 9 to experiment with > since it looks like it has an easier syntax. > > So what i've got working in PG9 is the following: > <hba stuff> ldap ldapserver=w.x.y.z ldapbinddn="cn=admin,dc=domain,dc=com" ldapbindpasswd="password" > ldapbasedn="ou=postgresql,dc=domain,dc=com" > > > I'm trying to translate that to the old syntax of: > <hba stuff> ldap "ldap://w.x.y.z/ou=postgresql,dc=domain,dc=com;<stuff>" > > basically, i don't know how to fit cn=admin and ldapbindpassword into that string. The search+bind feature is not available on 8.3 - it's a new feature in 9.0. -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/
On Thu, Nov 04, 2010 at 02:07:29PM -0700, Magnus Hagander wrote: - > - > I'm trying to translate that to the old syntax of: - > <hba stuff> ldap "ldap://w.x.y.z/ou=postgresql,dc=domain,dc=com;<stuff>" - > - > basically, i don't know how to fit cn=admin and ldapbindpassword into that string. - - The search+bind feature is not available on 8.3 - it's a new feature in 9.0. Not 8.4? http://www.postgresql.org/docs/8.4/interactive/auth-methods.html Dave
On Thu, Nov 4, 2010 at 15:30, David Kerr <dmk@mr-paradox.net> wrote: > On Thu, Nov 04, 2010 at 02:07:29PM -0700, Magnus Hagander wrote: > - > > - > I'm trying to translate that to the old syntax of: > - > <hba stuff> ldap "ldap://w.x.y.z/ou=postgresql,dc=domain,dc=com;<stuff>" > - > > - > basically, i don't know how to fit cn=admin and ldapbindpassword into that string. > - > - The search+bind feature is not available on 8.3 - it's a new feature in 9.0. > > Not 8.4? > http://www.postgresql.org/docs/8.4/interactive/auth-methods.html > No. 8.4 had only the prefix/suffix method, the search/bind method was added in 9.0.That's why the parameters for search/bind don't exist in 8.4. -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/
On Thu, Nov 04, 2010 at 03:35:11PM -0700, Magnus Hagander wrote: - On Thu, Nov 4, 2010 at 15:30, David Kerr <dmk@mr-paradox.net> wrote: - > On Thu, Nov 04, 2010 at 02:07:29PM -0700, Magnus Hagander wrote: - > - > - > - > I'm trying to translate that to the old syntax of: - > - > <hba stuff> ldap "ldap://w.x.y.z/ou=postgresql,dc=domain,dc=com;<stuff>" - > - > - > - > basically, i don't know how to fit cn=admin and ldapbindpassword into that string. - > - - > - The search+bind feature is not available on 8.3 - it's a new feature in 9.0. - > - > Not 8.4? - > http://www.postgresql.org/docs/8.4/interactive/auth-methods.html - > - - No. 8.4 had only the prefix/suffix method, the search/bind method was - added in 9.0.That's why the parameters for search/bind don't exist in - 8.4. Ok thanks. Dave