Re: postgresql 7.4.6 and pam_ldap

* Thomas Leduc <thomas(dot)leduc(at)cerma(dot)archi(dot)fr> [0130 09:30]:
> Le 5 janvier 2005 ? 22:20, G?mes G?za a ?crit :
>
> $ cat /etc/pam.d/postgresql
> auth required /lib/security//pam_ldap.so

Stick a 'debug' after the .so there, see if anything else turns up.

> $ cat pg_hba.conf
> local all postgres ident sameuser
> local all all pam
> host all all 127.0.0.1/32 pam
> host all all 192.168.10.0/24 pam
>
> $ sed '/^#/d;/^$/d' /etc/ldap.conf
> host 192.168.10.2
> base ou=Users,dc=cerma,dc=archi,dc=fr
> ssl no
> pam_password md5

can you bind as the user with these settings? I't's probably morth ensuring
you are looking for the right objectclass too, by explicityl setting in in
/etc/ldap.conf .

> # tail -f /var/log/postgresql
> Jan 6 10:14:06 tage postgres[21450]: [1-1] TRACE: 00000: pam_authenticate a ?chou? : Conversation error
> Jan 6 10:14:06 tage postgres[21450]: [1-2] EMPLACEMENT : CheckPAMAuth, auth.c:712
> Jan 6 10:14:06 tage postgres[21450]: [2-1] FATAL: 28000: PAM authentication ?chou?e pour l'utilisateur "leduc"
> Jan 6 10:14:06 tage postgres[21450]: [2-2] EMPLACEMENT : auth_failed, auth.c:395
> Jan 6 10:14:06 tage postgres[21450]: [3-1] ERREUR: 08006: Impossible d'envoyer les donn?es du client : Relais bris? (pipe)
> Jan 6 10:14:06 tage postgres[21450]: [3-2] EMPLACEMENT : internal_flush, pqcomm.c:1000
> Jan 6 10:14:09 tage postgres[21451]: [1-1] TRACE: 00000: pam_acct_mgmt a ?chou? : User account has expired
> Jan 6 10:14:09 tage postgres[21451]: [1-2] EMPLACEMENT : CheckPAMAuth, auth.c:723
> Jan 6 10:14:09 tage postgres[21451]: [2-1] FATAL: 28000: PAM authentication ?chou?e pour l'utilisateur "leduc"
> Jan 6 10:14:09 tage postgres[21451]: [2-2] EMPLACEMENT : auth_failed, auth.c:395
>
> => "User account has expired" seems not to be true !

--
'I should have been a plumber.' -- Albert Einstein
Rasputin :: Jack of All Trades - Master of Nuns