Re: implement ldap authentication in PostgreSQL

mitra nazemian schrieb:
> hi,
> thanks. I know that I shoud use it
> host    all         all          127.0.0.1/32 <http://127.0.0.1/32>
>      ldap  / ldap://
> <ldap://your.domain.com/dc=company,dc=com;uid=;,ou=employees,dc=company,dc=com>your.domain.com/dc=company,dc=com;uid=

> <http://your.domain.com/dc=company,dc=com;uid=>;,ou=employees,dc=company,dc=com
>
> in pg_hba.conf. I have a basic problem. I am new in PostgreSQL and linux.
> I dont know where I shoud define dc, ou and my domain.
> thanks in advance.

ok - I think you should first get some info about LDAP and how to use it. What I've shown
is the way you can handle a ldap authentication and that's it what you can do or have to
set up in postgresql's pg_hba.conf. The rest is not related to postgresql at all (setting
up a directory in ldap and so on).

Cheers

Andy

>
> On Tue, Jul 21, 2009 at 10:38 AM, Andreas Wenk
> <a.wenk@netzmeister-st-pauli.de <mailto:a.wenk@netzmeister-st-pauli.de>>
> wrote:
>
>     Andreas Wenk schrieb:
>
>         mitra nazemian schrieb:
>
>             thanks
>             but I has read them. I dont understand where I shoud spacify
>             the cn, dn  in postgresql too use them in pg_hba.conf.
>             please help me
>
>             On Mon, Jul 20, 2009 at 11:50 AM, Andreas Wenk
>             <a.wenk@netzmeister-st-pauli.de
>             <mailto:a.wenk@netzmeister-st-pauli.de>
>             <mailto:a.wenk@netzmeister-st-pauli.de
>             <mailto:a.wenk@netzmeister-st-pauli.de>>> wrote:
>
>                mitra nazemian schrieb:
>
>                    hi,
>                    I want too implement ldap authentication in
>             PostgreSQL in linux,
>                    but I cant.
>                    Please help me...
>                    Tanx
>
>                Hi,
>
>                first you should understand the basics of authentication
>             in postgresql.
>
>
>              http://www.postgresql.org/docs/current/static/client-authentication.html
>
>                Then jump to this manual part:
>
>
>              http://www.postgresql.org/docs/current/static/auth-methods.html#AUTH-LDAP
>
>                Cheers
>
>                Andy
>
>                --     Sent via pgsql-admin mailing list
>             (pgsql-admin@postgresql.org <mailto:pgsql-admin@postgresql.org>
>                <mailto:pgsql-admin@postgresql.org
>             <mailto:pgsql-admin@postgresql.org>>)
>                To make changes to your subscription:
>                http://www.postgresql.org/mailpref/pgsql-admin
>
>
>         Hi ,
>
>         for postgresql versions 8.2, 8.3 use this in your pg_hba.conf:
>
>         host    all         all          127.0.0.1/32
>         <http://127.0.0.1/32>          ldap  /
>         "ldap://your.domain.com/dc=company,dc=com;uid=
>         <http://your.domain.com/dc=company,dc=com;uid=>;,ou=employees,dc=company,dc=com"
>
>
>         In postgresql 8.4 use this:
>
>         host    all         all         127.0.0.1/32
>         <http://127.0.0.1/32>          ldap ldapserver=your.domain.com
>         <http://your.domain.com/> / ldapprefix="uid="
>         ldapsuffix=",ou=employees,dc=company,dc=com"
>
>         This is not tested since I don't have ldap support in 8.4. But
>         it's the way it works.
>
>         Everything is in one line. You have to set your.domain.com
>         <http://your.domain.com/>, company, com and employees.
>
>         A small hint - please don't forget to reply also to the list ...
>
>         Cheers
>
>         Andy
>
>         P.S.: As I am not a sysadmin, thanks for help goes to Andreas
>         Putzo ;-)
>
>
>     just had a look to my reply and I saw everything in one line. So the
>     / sign is just to mark a line break - just drop it ....
>
>     Cheers
>
>     Andy
>
>