Thread: ldap authentication multiple ou objects
Is there a way to do ldap authentication in pg_hba on a structure that has multiple ou objects?

Let's say I have an ou=Users and then an ou per dept.

I want the ldap to do authentication no matter which ou the user is in.

My current ldap string is:

ldap://ldap.server.local/Users;uid=;,ou=Users,dc=server,dc=local

and it works if the user is only in the ou=Users but if he is in any sub ou it gives authentication failed.

Thanks
Sim
On 02/23/2011 10:27 PM, Magnus Hagander wrote:
> On Wed, Feb 23, 2011 at 11:43, Sim Zacks <sim@compulab.co.il> wrote:
>> Is there a way to do ldap authentication in pg_hba on a structure that has
>> multiple ou objects?
>>
>> Let's say I have an ou=Users and then an ou per dept.
>>
>> I want the ldap to do authentication no matter which ou the user is in.
>>
>>
>> My current ldap string is:
>>
>> ldap://ldap.server.local/Users;uid=;,ou=Users,dc=server,dc=local
>>
>> and it works if the user is only in the ou=Users but if he is in any sub ou
>> it gives authentication failed.
> Yes, if you use the search+bind mode you can search across a
> hierarchy. See http://www.postgresql.org/docs/9.0/static/auth-methods.html#AUTH-LDAP,
> look under "search+bind".

I guess that's new in 9.0.
We're still stuck in 8.2 land for the time being.

Thanks
Sim
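An added example (not from the thread and not PostgreSQL code): a small Python model of why the prefix/suffix form only reaches users directly under ou=Users, while search+bind finds a user in any sub-OU. The directory entries, passwords and function names are constructed for illustration, and matching is simplified to exact DN strings with the search attribute taken from the entry's first RDN.

```python
# Constructed sample directory: DN -> password. bob and carol live in per-dept OUs.
DIRECTORY = {
    "uid=alice,ou=Users,dc=server,dc=local": "alice-pw",
    "uid=bob,ou=Sales,ou=Users,dc=server,dc=local": "bob-pw",
    "uid=carol,ou=Sales,ou=Users,dc=server,dc=local": "carol-pw",
    "uid=carol,ou=Dev,ou=Users,dc=server,dc=local": "other-pw",
}

def bind(dn, password):
    """Stand-in for an LDAP bind: needs an exact, existing DN and its password."""
    return dn in DIRECTORY and DIRECTORY[dn] == password

def simple_bind_auth(user, password, prefix, suffix):
    """Simple bind: the DN is prefix + user + suffix, so it names exactly one OU."""
    return bind(prefix + user + suffix, password)

def search_bind_auth(user, password, basedn, attribute="uid"):
    """Search+bind: subtree search under basedn, then bind as the DN that was found."""
    if any(c in user for c in "*()\\/"):
        return False  # refuse names that would change the search filter
    rdn = f"{attribute}={user}"
    matches = [dn for dn in DIRECTORY
               if dn.split(",")[0] == rdn and dn.endswith("," + basedn)]
    if len(matches) != 1:
        return False  # no entry, or ambiguous: never guess which entry to bind as
    return bind(matches[0], password)

def demo():
    # Prefix and suffix are the two ';'-separated parts of the URL in the question.
    prefix, suffix = "uid=", ",ou=Users,dc=server,dc=local"
    base = "dc=server,dc=local"
    return {
        "simple alice": simple_bind_auth("alice", "alice-pw", prefix, suffix),
        "simple bob": simple_bind_auth("bob", "bob-pw", prefix, suffix),
        "search bob": search_bind_auth("bob", "bob-pw", base),
        "search carol": search_bind_auth("carol", "carol-pw", base),
        "search wildcard": search_bind_auth("*", "alice-pw", base),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'ok' if ok else 'authentication failed'}")
```

With search+bind, a uid that exists in two department OUs (carol here) fails rather than binding to an arbitrary entry, so uids need to be unique below the base DN.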
On 02/24/2011 12:51 AM, Michael Black wrote:
> Look at the "Search Filters" and "LDAP URL" sections of http://quark.humbug.org.au/publications/ldap/ldap_tut.html . There are some samples of "wildcard" filters there.

I tried a number of possibilities for the ldap url based on the LDAP URL section and I'm guessing that pg 8.2 doesn't support the ?scope variable. According to the documentation it is supported in 9.0 but not in the same format as the RFC documentation in the link you sent me.

Thanks
Sim
> Date: Wed, 23 Feb 2011 12:43:45 +0200
> From: sim@compulab.co.il
> To: pgsql-general@postgresql.org
> Subject: [GENERAL] ldap authentication multiple ou objects
>
> Is there a way to do ldap authentication in pg_hba on a structure that
> has multiple ou objects?
>
> Let's say I have an ou=Users and then an ou per dept.
>
> I want the ldap to do authentication no matter which ou the user is in.
>
>
> My current ldap string is:
>
> ldap://ldap.server.local/Users;uid=;,ou=Users,dc=server,dc=local
>
> and it works if the user is only in the ou=Users but if he is in any sub
> ou it gives authentication failed.
>
>
> Thanks
>
> Sim