https://www.postgresql.org/docs/16/auth-peer.html
https://www.postgresql.org/docs/16/auth-ident.html
https://www.postgresql.org/docs/16/auth-username-maps.html
My setup is PostgreSQL 16.4 (Ubuntu 22.04).
The 'oidentd' daemon is up and running.
I have two OS users:
smokeybear
SMOKEYBEAR
groupadd -g 131 smokeybear
useradd -u 131 -d /tmp -g 131 -s /bin/bash smokeybear
groupadd -g 132 SMOKEYBEAR
useradd -u 132 -d /tmp -g 132 -s /bin/bash SMOKEYBEAR
tee /tmp/.bash_profile << EOF
export PGHOME=/usr/lib/postgresql/16
export PATH=\$PGHOME/bin:\$PATH
export PGDATABASE=postgres
EOF
chmod 0666 /tmp/.bash_history
I have one DB user:
smokeybear
psql -c "create user smokeybear"
1a) 'local' connection method without regular expressions
The first connection is as the OS user 'smokeybear':
test01 - connection success
-pg_ident.conf with one line:
rule01 smokeybear smokeybear
-pg_hba.conf with two lines:
local all postgres peer
local all all peer map=rule01
smokeybear@wsl2:~$ psql -U smokeybear -h /var/run/postgresql -c "\conninfo"
You are connected to database "postgres" as user "smokeybear" via socket in "/var/run/postgresql" at port "5432".
The second connection is as the OS user 'SMOKEYBEAR':
test02 - connection success
-pg_ident.conf with one line:
rule02 SMOKEYBEAR smokeybear
-pg_hba.conf with two lines:
local all postgres peer
local all all peer map=rule02
SMOKEYBEAR@wsl2:~$ psql -U smokeybear -h /var/run/postgresql -c "\conninfo"
You are connected to database "postgres" as user "smokeybear" via socket in "/var/run/postgresql" at port "5432".
So, the test01 and test02 results are as expected and according to the documentation.
1b) 'local' connection method with regular expressions
The first connection is as the OS user 'smokeybear':
test03 - connection success
-pg_ident.conf with one line:
rule03 /(?i)^(.*SMOKEYBEAR)$ \1
-pg_hba.conf with two lines:
local all postgres peer
local all all peer map=rule03
smokeybear@wsl2:~$ psql -U smokeybear -h /var/run/postgresql -c "\conninfo"
You are connected to database "postgres" as user "smokeybear" via socket in "/var/run/postgresql" at port "5432".
test04 - connection failure
-pg_ident.conf with one line:
rule04 /(?c)^(.*SMOKEYBEAR)$ \1
-pg_hba.conf with two lines:
local all postgres peer
local all all peer map=rule04
smokeybear@wsl2:~$ psql -U smokeybear -h /var/run/postgresql -c "\conninfo"
psql: error: connection to server on socket "/var/run/postgresql/.s.PGSQL.5432" failed: FATAL: Peer authentication failed for user "smokeybear"
Based on the test03 and test04 results, it looks like (?i) and (?c) worked as expected.
The second connection is as the OS user 'SMOKEYBEAR':
test05 - connection failure
-pg_ident.conf with one line:
rule03 /(?i)^(.*SMOKEYBEAR)$ \1
-pg_hba.conf with two lines:
local all postgres peer
local all all ident map=rule03
SMOKEYBEAR@wsl2:~$ psql -U smokeybear -h /var/run/postgresql -c "\conninfo"
psql: error: connection to server on socket "/var/run/postgresql/.s.PGSQL.5432" failed: FATAL: Peer authentication failed for user "smokeybear"
test06 - connection failure
-pg_ident.conf with one line:
rule04 /(?c)^(.*SMOKEYBEAR)$ \1
-pg_hba.conf with two lines:
local all postgres peer
local all all ident map=rule04
SMOKEYBEAR@wsl2:~$ psql -U smokeybear -h /var/run/postgresql -c "\conninfo"
psql: error: connection to server on socket "/var/run/postgresql/.s.PGSQL.5432" failed: FATAL: Peer authentication failed for user "smokeybear"
So, it looks like the result of test06 is expected.
But what about the result of test05?
Its 'pg_ident.conf' file is identical to the 'pg_ident.conf' file of test03.
But (?i) didn't seem to work in test05.
I can be totally wrong in my expectations, of course.
So, my question is: why was there a connection failure in test05?
2a) 'host' connection method without regular expressions
The first connection is as the OS user 'smokeybear':
test07 - connection success
-pg_ident.conf with one line:
rule01 smokeybear smokeybear
-pg_hba.conf with two lines:
local all postgres peer
host all all 0.0.0.0/0 ident map=rule01
smokeybear@wsl2:~$ psql -U smokeybear -h localhost -c "\conninfo"
You are connected to database "postgres" as user "smokeybear" on host "localhost" (address "127.0.0.1") at port "5432".
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, compression: off)
The second connection is as the OS user 'SMOKEYBEAR':
test08 - connection success
-pg_ident.conf with one line:
rule02 SMOKEYBEAR smokeybear
-pg_hba.conf with two lines:
local all postgres peer
host all all 0.0.0.0/0 ident map=rule02
SMOKEYBEAR@wsl2:~$ psql -U smokeybear -h localhost -c "\conninfo"
You are connected to database "postgres" as user "smokeybear" on host "localhost" (address "127.0.0.1") at port "5432".
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, compression: off)
So, the test07 and test08 results are as expected and according to the documentation.
2b) 'host' connection method with regular expressions
The first connection is as the OS user 'smokeybear':
test09 - connection success
-pg_ident.conf with one line:
rule03 /(?i)^(.*SMOKEYBEAR)$ \1
-pg_hba.conf with two lines:
local all postgres peer
host all all 0.0.0.0/0 ident map=rule03
smokeybear@wsl2:~$ psql -U smokeybear -h localhost -c "\conninfo"
You are connected to database "postgres" as user "smokeybear" on host "localhost" (address "127.0.0.1") at port "5432".
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, compression: off)
test10 - connection failure
-pg_ident.conf with one line:
rule04 /(?c)^(.*SMOKEYBEAR)$ \1
-pg_hba.conf with two lines:
local all postgres peer
host all all 0.0.0.0/0 ident map=rule04
smokeybear@wsl2:~$ psql -U smokeybear -h localhost -c "\conninfo"
psql: error: connection to server at "localhost" (127.0.0.1), port 5432 failed: FATAL: Ident authentication failed for user "smokeybear"
connection to server at "localhost" (127.0.0.1), port 5432 failed: FATAL: Ident authentication failed for user "smokeybear"
Based on the test09 and test10 results, it looks like (?i) and (?c) worked as expected.
The second connection is as the OS user 'SMOKEYBEAR':
test11 - connection failure
-pg_ident.conf with one line:
rule03 /(?i)^(.*SMOKEYBEAR)$ \1
-pg_hba.conf with two lines:
local all postgres peer
host all all 0.0.0.0/0 ident map=rule03
SMOKEYBEAR@wsl2:~$ psql -U smokeybear -h localhost -c "\conninfo"
psql: error: connection to server at "localhost" (127.0.0.1), port 5432 failed: FATAL: Ident authentication failed for user "smokeybear"
connection to server at "localhost" (127.0.0.1), port 5432 failed: FATAL: Ident authentication failed for user "smokeybear"
test12 - connection failure
-pg_ident.conf with one line:
rule04 /(?c)^(.*SMOKEYBEAR)$ \1
-pg_hba.conf with two lines:
local all postgres peer
host all all 0.0.0.0/0 ident map=rule04
SMOKEYBEAR@wsl2:~$ psql -U smokeybear -h localhost -c "\conninfo"
psql: error: connection to server at "localhost" (127.0.0.1), port 5432 failed: FATAL: Ident authentication failed for user "smokeybear"
connection to server at "localhost" (127.0.0.1), port 5432 failed: FATAL: Ident authentication failed for user "smokeybear"
So, it looks like the result of test12 is expected.
But what about the result of test11?
Its 'pg_ident.conf' file is identical to the 'pg_ident.conf' file of test09.
But (?i) didn't seem to work in test11.
I can be totally wrong in my expectations, of course.
So, my question is: why was there a connection failure in test11?
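To show how the documented username-map rules play out for the tests above, here is an added Python model (not PostgreSQL's own code, and not part of the original post) of the pg_ident.conf matching that peer and ident apply: a regex system-username is matched, \1 in the database-username field is replaced by the captured text, and the resulting name is compared exactly with the requested role. It assumes Python's re in place of PostgreSQL's ARE engine, translates only the (?i) and (?c) embedded options, and models only a literal database-username field (no +group and no regex in that field).

```python
import re

# Added example: a model of the pg_ident.conf rules that peer/ident apply in
# PostgreSQL 16, not PostgreSQL's code. Python re stands in for the ARE engine;
# only (?i)/(?c) are translated; database-username is literal, optionally \1.

def _pg_regex_to_python(pattern):
    """Strip a leading embedded-option block such as (?i) or (?c) and return
    (python_pattern, flags). (?c) means case-sensitive, Python's default."""
    flags = 0
    m = re.match(r"\(\?([a-z]+)\)", pattern)
    if m:
        if "i" in m.group(1):
            flags |= re.IGNORECASE
        pattern = pattern[m.end():]
    return pattern, flags

def mapped_role(line, system_user):
    """Return the database role one pg_ident.conf line yields for
    system_user, or None when the system-username field does not match."""
    _map_name, sys_field, pg_field = line.split()
    if not sys_field.startswith("/"):
        # Literal system-username: exact, case-sensitive comparison.
        return pg_field if sys_field == system_user else None
    pattern, flags = _pg_regex_to_python(sys_field[1:])
    m = re.search(pattern, system_user, flags)
    if not m:
        return None
    if r"\1" in pg_field:
        if m.re.groups < 1:
            raise ValueError(r"\1 used but the regex has no capture group")
        # \1 becomes the captured text; the result is the role name that
        # is then compared, case-sensitively, with the requested role.
        return pg_field.replace(r"\1", m.group(1))
    return pg_field

def ident_line_matches(line, system_user, pg_user):
    """True when the line allows system_user to connect as pg_user."""
    return mapped_role(line, system_user) == pg_user

def replay_tests():
    """Replay test03..test06 from the report (inputs constructed here)."""
    rule03 = r"rule03 /(?i)^(.*SMOKEYBEAR)$ \1"
    rule04 = r"rule04 /(?c)^(.*SMOKEYBEAR)$ \1"
    return {
        "test03": ident_line_matches(rule03, "smokeybear", "smokeybear"),
        "test04": ident_line_matches(rule04, "smokeybear", "smokeybear"),
        "test05": ident_line_matches(rule03, "SMOKEYBEAR", "smokeybear"),
        "test06": ident_line_matches(rule04, "SMOKEYBEAR", "smokeybear"),
    }
```

With rule03, mapped_role() for the OS user SMOKEYBEAR yields the role name SMOKEYBEAR, which is what gets compared with the requested role smokeybear. A line whose database-username field is the literal role name rather than \1 (for example a constructed `/(?i)^.*SMOKEYBEAR$ smokeybear`) resolves both OS users to smokeybear.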