On Tue, 2009-08-04 at 21:41 -0400, Richard Esmonde wrote:
> Three days into this I am none the wiser - I’m exhausting Google
> servers. Can anyone tell me what I have forgotten to do or have
> overlooked in getting this setup correctly? To my mind it’s behaving
> as though it’s not honoring anything I have put in the pg_hba.conf for
> Remote TCP/IP connections. I have to be missing something super
> simple….. a postgres-ldap add-on for Postgres on Ubuntu perhaps?
On my Ubuntu 9.04 system `postmaster' links directly to libldap, and
appears to support LDAP authentication. I don't see any additional auth
modules in the respository. So, no, I doubt you need anything extra.
Are you sure your posted pg_hba.conf was right? You had:
host all all 10.5.5.0 255.255.255.0 password
host all all 10.5.5.0 255.255.255.0 ldap "ldap://master1.
belfry.lan:389/ou=Belfry
Users,ou=programmers;dc=belfry,dc=lan;cn=*;BELFRY\"
... so you wouldn't even be trying LDAP authentication. Any user trying
to connect to any DB from the 10.5.5.0/24 range would be expected to use
password auth. The LDAP auth line can never match.
Maybe instead of "all" users for password auth you wanted to (eg) only
require password auth for the "postgres" user?
If that's not the issue: Try watching for LDAP traffic with wireshark;
see if there's any communication. Also, use `ldapsearch' from the host
running Pg to query AD, make sure that works.
--
Craig Ringer