Skip site navigation (1) Skip section navigation (2)

Re: Using LDAP with postgresql 8.2

From: Gémes Géza <geza(at)kzsdabas(dot)hu>
To: pgsql-admin(at)postgresql(dot)org
Subject: Re: Using LDAP with postgresql 8.2
Date: 2010-10-29 05:12:04
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-admin
I'm not an AD expert myself, but I've read somewhere, that AD disallows
simple binds without using ssl.
You could try enabling ssl on AD, or try the krb5 authentication method
for pg.

Good Luck

> I've setup LDAP on Postgresql 8.3.6 by adding the following line to
> pg_hba.conf. My Active Directory has a group called 'users group'
> which contains an entry for user pgtest.
> host   all   pgtest      ldap
> "ldap://;cn=;,ou=users
> group,dc=mydomain,dc=com"
> I have restarted the PG server but when I try to connect via psql from
> another host, I get the following error: -
> 2010-10-28 16:30:36 BST [1095]: [2-1] FATAL:  LDAP authentication
> failed for user "pgtest"
> 2010-10-28 16:30:36 BST [1096]: [1-1] LOG:  LDAP login failed for user
> "cn=pgtest,ou=users group,dc=mydomain,dc=com" on server
> "": error code 49
> So it looks like the cn, ou and dc parameters are correct, but for
> some reason Openldap is returning error 49, which is a generic
> authentication failure message.
> Can anyone suggest anything that I might be doing wrong? Could it be
> the line in pg_hba.conf that is wrong, or possibly the ldap package on
> the server (debian linux) not working
>  properly?
> Any ideas much appreciated!
> ------------------------------------------------------------------------
> From: kierenscott(at)hotmail(dot)com
> To: pgsql-admin(at)postgresql(dot)org
> Subject: Using LDAP with postgresql 8.2
> Date: Wed, 27 Oct 2010 17:57:32 +0000
> Hi,
> I'm looking to implement LDAP authentication againt Active Directory
> for my
> Postgresql databases. What's people experiences of using LDAP for
> authenticating logins with AD?
> Is it easy to setup and is there anything to watch out for e.g. does
> Postgresql do anything
> intrusive on Active Directory (create anything) or does it just simply
> bind to AD, validate the
> username/password pair and return success/failure back to the client?
> Many thanks!

In response to


pgsql-admin by date

Next:From: Dragos Valentin MoinescuDate: 2010-10-29 13:02:53
Subject: plpythonu: how to catch plpy.execute() exceptions
Previous:From: Uwe BartelsDate: 2010-10-28 15:54:58
Subject: problem with rules

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group