Re: PostgreSQL and OpenLdap

On Sun, Feb 11, 2007 at 08:54:56PM -0200, Cristiano Panvel wrote:
> Hi Friends,
>
> This is my first post in the list.
>
> I am not obtaining authentication my users of PostgreSQL in OpenLdap.
>
> 1) PostgreSQL was compiled with the support to ldap in a FreeBSD System.
> "option --with-ldap for configure".
>
> 2) The user also exists in the base of the OpenLdap
>
> 3) Already I also added the line of configuration in "pg_hba.conf" and
> in the "pg_service.conf"
>
> $ tail /etc/pg_service.conf
> ldap://ldap.cb.sc.gov.br/dc=cb,dc=sc,dc=gov,dc=br

This is not for LDAP authentication, it's for service lookup only. If
you just want LADP auth, you can get rid of it. If you want both, I'd
suggest doing one thing at a time - get rid of it for now until auth
works, then put it back in later.

> $ cat /usr/local/pgsql/data/pg_hba.conf
>
> local all all trust
>
> host all all 10.193.4.0/24 md5
>
> ldap://ldap.cb.sc.gov.br/dc=cb,dc=sc,dc=gov,dc=br

I assume this is all on one line. In which case it's incorrect - you
can't have both md5 and ldap on teh same line. It should be:
host all all 10.193.4.0/24 ldap ldap://....

> 4) To create the usuary I make thus
>
> # su - pgsql
> % createuser scott
>
> After the made configurations, I try to effect login and is error of
> password.
>
> remote# psql postgresql -h server -U scott -W
> psql: FATAL: password authentication failed for user "scott"
>

What you really need to look at here is the server logs, not the client
output. It should tell you what it's trying to do (in your case, it
would indicate that it's not trying to do LDAP) and how its' failing.

//Magnus