Thread: ldap authentication multiple ou objects

ldap authentication multiple ou objects

From
Sim Zacks
Date:
Is there a way to do ldap authentication in pg_hba on a structure that
has multiple ou objects?

Let's say I have an ou=Users and then an ou per dept.

I want the ldap to do authentication no matter which ou the user is in.


My current ldap string is:

ldap://ldap.server.local/Users;uid=;,ou=Users,dc=server,dc=local

and it works if the user is only in the ou=Users but if he is in any sub
ou it gives authentication failed.


Thanks

Sim


Re: ldap authentication multiple ou objects

From
Sim Zacks
Date:
On 02/23/2011 10:27 PM, Magnus Hagander wrote:

> On Wed, Feb 23, 2011 at 11:43, Sim Zacks <sim@compulab.co.il> wrote:
>> Is there a way to do ldap authentication in pg_hba on a structure that has
>> multiple ou objects?
>>
>> Let's say I have an ou=Users and then an ou per dept.
>>
>> I want the ldap to do authentication no matter which ou the user is in.
>>
>>
>> My current ldap string is:
>>
>> ldap://ldap.server.local/Users;uid=;,ou=Users,dc=server,dc=local
>>
>> and it works if the user is only in the ou=Users but if he is in any sub ou
>> it gives authentication failed.
> Yes, if you use the search+bind mode you can search across a
> hierarchy. See http://www.postgresql.org/docs/9.0/static/auth-methods.html#AUTH-LDAP,
> look under "search+bind".
I guess that's new in 9.0. We're still stuck in 8.2 land for the time being.
Thanks

Sim
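
The two pg_hba.conf styles contrasted in this exchange, as an added example that is not part of the original messages. The server name, DN components and uid attribute come from the post; the client address range, the department entry, the 9.0 line and the TLS setting are assumptions for illustration.

```conf
# PostgreSQL 8.2 style (simple bind), using the URL from the post.
# URL layout: ldap://server/basedn;prefix;suffix
# The server binds as prefix + username + suffix, so user "alice" (constructed)
# is always bound as:
#   uid=alice,ou=Users,dc=server,dc=local
# An entry in a department OU, for example
#   uid=alice,ou=Sales,ou=Users,dc=server,dc=local
# has a different DN. No search is performed, so the bind fails.
host  all  all  192.0.2.0/24  ldap "ldap://ldap.server.local/Users;uid=;,ou=Users,dc=server,dc=local"

# PostgreSQL 9.0 and later (search+bind).
# The server first searches the subtree under ldapbasedn for
# (uid=<username>), then binds as the DN that search returned, so users in
# any OU below ou=Users can authenticate.
# - The search is anonymous unless ldapbinddn and ldapbindpasswd are set.
# - The search must match exactly one entry; a uid that exists in two OUs
#   cannot log in.
# - ldaptls=1 encrypts only the PostgreSQL-to-LDAP connection. The client
#   still sends its password to PostgreSQL in clear text unless that
#   connection uses SSL.
host  all  all  192.0.2.0/24  ldap ldapserver=ldap.server.local ldapbasedn="ou=Users,dc=server,dc=local" ldapsearchattribute=uid ldaptls=1
```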

Re: ldap authentication multiple ou objects

From
Sim Zacks
Date:

On 02/24/2011 12:51 AM, Michael Black wrote:

> Look at the "Search Filters" and "LDAP URL" sections of http://quark.humbug.org.au/publications/ldap/ldap_tut.html . There are some samples of "wildcard" filters there.

I tried a number of possibilities for the ldap url based on the LDAP URL section and I'm guessing that pg 8.2 doesn't support the ?scope variable. According to the documentation it is supported in 9.0 but not in the same format as the RFC documentation in the link you sent me.

Thanks
Sim

> Date: Wed, 23 Feb 2011 12:43:45 +0200
> From: sim@compulab.co.il
> To: pgsql-general@postgresql.org
> Subject: [GENERAL] ldap authentication multiple ou objects
>
> Is there a way to do ldap authentication in pg_hba on a structure that
> has multiple ou objects?
>
> Let's say I have an ou=Users and then an ou per dept.
>
> I want the ldap to do authentication no matter which ou the user is in.
>
>
> My current ldap string is:
>
> ldap://ldap.server.local/Users;uid=;,ou=Users,dc=server,dc=local
>
> and it works if the user is only in the ou=Users but if he is in any sub
> ou it gives authentication failed.
>
>
> Thanks
>
> Sim