| From: | Scott Whitney <scott(at)journyx(dot)com> |
|---|---|
| To: | Gémes Géza <geza(at)kzsdabas(dot)hu> |
| Cc: | pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: Using LDAP with postgresql 8.2 |
| Date: | 2010-10-29 19:35:45 |
| Message-ID: | 8247833.8831.1288380945784.JavaMail.root@zimbra.int.journyx.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
There are ways to enable it, but in general, yes, you're right. In AD you have to do some magic to bind if you're not part of the actual AD forest.
Hi,
I'm not an AD expert myself, but I've read somewhere, that AD disallows
simple binds without using ssl.
You could try enabling ssl on AD, or try the krb5 authentication method
for pg.
Good Luck
Geza
>
> I've setup LDAP on Postgresql 8.3.6 by adding the following line to
> pg_hba.conf. My Active Directory has a group called 'users group'
> which contains an entry for user pgtest.
>
> host all pgtest xx.xxx.x.x/xx ldap
> "ldap://server.mydomain.com:389/basedn;cn=;,ou=users
> group,dc=mydomain,dc=com"
>
> I have restarted the PG server but when I try to connect via psql from
> another host, I get the following error: -
>
> 2010-10-28 16:30:36 BST [1095]: [2-1] FATAL: LDAP authentication
> failed for user "pgtest"
> 2010-10-28 16:30:36 BST [1096]: [1-1] LOG: LDAP login failed for user
> "cn=pgtest,ou=users group,dc=mydomain,dc=com" on server
> "server.mydomain.com": error code 49
>
> So it looks like the cn, ou and dc parameters are correct, but for
> some reason Openldap is returning error 49, which is a generic
> authentication failure message.
>
> Can anyone suggest anything that I might be doing wrong? Could it be
> the line in pg_hba.conf that is wrong, or possibly the ldap package on
> the server (debian linux) not working
> properly?
>
> Any ideas much appreciated!
>
>
> ------------------------------------------------------------------------
> From: kierenscott(at)hotmail(dot)com
> To: pgsql-admin(at)postgresql(dot)org
> Subject: Using LDAP with postgresql 8.2
> Date: Wed, 27 Oct 2010 17:57:32 +0000
>
> Hi,
>
> I'm looking to implement LDAP authentication againt Active Directory
> for my
> Postgresql databases. What's people experiences of using LDAP for
> authenticating logins with AD?
> Is it easy to setup and is there anything to watch out for e.g. does
> Postgresql do anything
> intrusive on Active Directory (create anything) or does it just simply
> bind to AD, validate the
> username/password pair and return success/failure back to the client?
>
> Many thanks!
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Victor Hugo | 2010-10-29 19:36:15 | Re: Using LDAP with postgresql 8.2 |
| Previous Message | Gémes Géza | 2010-10-29 19:28:45 | Re: Using LDAP with postgresql 8.2 |