Re: implement ldap authentication in PostgreSQL

mitra nazemian schrieb:
> hi,
> thanks. I know that I shoud use it
> host all all 127.0.0.1/32 <http://127.0.0.1/32>
> ldap / ldap://
> <ldap://your.domain.com/dc=company,dc=com;uid=;,ou=employees,dc=company,dc=com>your.domain.com/dc=company,dc=com;uid=
> <http://your.domain.com/dc=company,dc=com;uid=>;,ou=employees,dc=company,dc=com
>
> in pg_hba.conf. I have a basic problem. I am new in PostgreSQL and linux.
> I dont know where I shoud define dc, ou and my domain.
> thanks in advance.

ok - I think you should first get some info about LDAP and how to use it. What I've shown
is the way you can handle a ldap authentication and that's it what you can do or have to
set up in postgresql's pg_hba.conf. The rest is not related to postgresql at all (setting
up a directory in ldap and so on).

Cheers

Andy

>
> On Tue, Jul 21, 2009 at 10:38 AM, Andreas Wenk
> <a(dot)wenk(at)netzmeister-st-pauli(dot)de <mailto:a(dot)wenk(at)netzmeister-st-pauli(dot)de>>
> wrote:
>
> Andreas Wenk schrieb:
>
> mitra nazemian schrieb:
>
> thanks
> but I has read them. I dont understand where I shoud spacify
> the cn, dn in postgresql too use them in pg_hba.conf.
> please help me
>
> On Mon, Jul 20, 2009 at 11:50 AM, Andreas Wenk
> <a(dot)wenk(at)netzmeister-st-pauli(dot)de
> <mailto:a(dot)wenk(at)netzmeister-st-pauli(dot)de>
> <mailto:a(dot)wenk(at)netzmeister-st-pauli(dot)de
> <mailto:a(dot)wenk(at)netzmeister-st-pauli(dot)de>>> wrote:
>
> mitra nazemian schrieb:
>
> hi,
> I want too implement ldap authentication in
> PostgreSQL in linux,
> but I cant.
> Please help me...
> Tanx
>
> Hi,
>
> first you should understand the basics of authentication
> in postgresql.
>
>
> http://www.postgresql.org/docs/current/static/client-authentication.html
>
> Then jump to this manual part:
>
>
> http://www.postgresql.org/docs/current/static/auth-methods.html#AUTH-LDAP
>
> Cheers
>
> Andy
>
> -- Sent via pgsql-admin mailing list
> (pgsql-admin(at)postgresql(dot)org <mailto:pgsql-admin(at)postgresql(dot)org>
> <mailto:pgsql-admin(at)postgresql(dot)org
> <mailto:pgsql-admin(at)postgresql(dot)org>>)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-admin
>
>
> Hi ,
>
> for postgresql versions 8.2, 8.3 use this in your pg_hba.conf:
>
> host all all 127.0.0.1/32
> <http://127.0.0.1/32> ldap /
> "ldap://your.domain.com/dc=company,dc=com;uid=
> <http://your.domain.com/dc=company,dc=com;uid=>;,ou=employees,dc=company,dc=com"
>
>
> In postgresql 8.4 use this:
>
> host all all 127.0.0.1/32
> <http://127.0.0.1/32> ldap ldapserver=your.domain.com
> <http://your.domain.com/> / ldapprefix="uid="
> ldapsuffix=",ou=employees,dc=company,dc=com"
>
> This is not tested since I don't have ldap support in 8.4. But
> it's the way it works.
>
> Everything is in one line. You have to set your.domain.com
> <http://your.domain.com/>, company, com and employees.
>
> A small hint - please don't forget to reply also to the list ...
>
> Cheers
>
> Andy
>
> P.S.: As I am not a sysadmin, thanks for help goes to Andreas
> Putzo ;-)
>
>
> just had a look to my reply and I saw everything in one line. So the
> / sign is just to mark a line break - just drop it ....
>
> Cheers
>
> Andy
>
>