From: | Dick Davies <rasputnik(at)hellooperator(dot)net> |
---|---|
To: | PostgreSQL Admin <pgsql-admin(at)postgresql(dot)org> |
Subject: | Re: postgresql 7.4.6 and pam_ldap |
Date: | 2005-01-06 09:53:01 |
Message-ID: | 20050106095301.GH12003@lb.tenfour |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
* Thomas Leduc <thomas(dot)leduc(at)cerma(dot)archi(dot)fr> [0130 09:30]:
> Le 5 janvier 2005 ? 22:20, G?mes G?za a ?crit :
>
> $ cat /etc/pam.d/postgresql
> auth required /lib/security//pam_ldap.so
Stick a 'debug' after the .so there, see if anything else turns up.
> $ cat pg_hba.conf
> local all postgres ident sameuser
> local all all pam
> host all all 127.0.0.1/32 pam
> host all all 192.168.10.0/24 pam
>
> $ sed '/^#/d;/^$/d' /etc/ldap.conf
> host 192.168.10.2
> base ou=Users,dc=cerma,dc=archi,dc=fr
> ssl no
> pam_password md5
can you bind as the user with these settings? I't's probably morth ensuring
you are looking for the right objectclass too, by explicityl setting in in
/etc/ldap.conf .
> # tail -f /var/log/postgresql
> Jan 6 10:14:06 tage postgres[21450]: [1-1] TRACE: 00000: pam_authenticate a ?chou? : Conversation error
> Jan 6 10:14:06 tage postgres[21450]: [1-2] EMPLACEMENT : CheckPAMAuth, auth.c:712
> Jan 6 10:14:06 tage postgres[21450]: [2-1] FATAL: 28000: PAM authentication ?chou?e pour l'utilisateur "leduc"
> Jan 6 10:14:06 tage postgres[21450]: [2-2] EMPLACEMENT : auth_failed, auth.c:395
> Jan 6 10:14:06 tage postgres[21450]: [3-1] ERREUR: 08006: Impossible d'envoyer les donn?es du client : Relais bris? (pipe)
> Jan 6 10:14:06 tage postgres[21450]: [3-2] EMPLACEMENT : internal_flush, pqcomm.c:1000
> Jan 6 10:14:09 tage postgres[21451]: [1-1] TRACE: 00000: pam_acct_mgmt a ?chou? : User account has expired
> Jan 6 10:14:09 tage postgres[21451]: [1-2] EMPLACEMENT : CheckPAMAuth, auth.c:723
> Jan 6 10:14:09 tage postgres[21451]: [2-1] FATAL: 28000: PAM authentication ?chou?e pour l'utilisateur "leduc"
> Jan 6 10:14:09 tage postgres[21451]: [2-2] EMPLACEMENT : auth_failed, auth.c:395
>
> => "User account has expired" seems not to be true !
--
'I should have been a plumber.' -- Albert Einstein
Rasputin :: Jack of All Trades - Master of Nuns
From | Date | Subject | |
---|---|---|---|
Next Message | Rupa Schomaker (lists) | 2005-01-06 11:10:16 | 7.4 and schema 'maintainance' |
Previous Message | Thomas Leduc | 2005-01-06 09:19:01 | Re: postgresql 7.4.6 and pam_ldap |