Thanks Magnus,
Now I am passing the line thus in pg_hba.conf
##
host all all 10.193.4.0/24 ldap
ldap://ldap.cb.sc.gov.br/dc=cb,dc=sc,dc=gov,dc=br
##
However, an error in login is occurring
% psql postgresql -h server -U scott -W
psql: FATAL: LDAP authentication failed for user "scott"
I must pass something more.
My base Ldap:
dc=cb,dc=sc,dc=gov,dc=br
The Bind:
ou=Users
Cris.
On 2/12/07, Magnus Hagander <magnus@hagander.net> wrote:
> On Sun, Feb 11, 2007 at 08:54:56PM -0200, Cristiano Panvel wrote:
> > Hi Friends,
> >
> > This is my first post in the list.
> >
> > I am not obtaining authentication of my PostgreSQL users in OpenLDAP.
> >
> > 1) PostgreSQL was compiled with support for LDAP on a FreeBSD system.
> > "option --with-ldap for configure".
> >
> > 2) The user also exists in the base of the OpenLdap
> >
> > 3) I have also already added the line of configuration in "pg_hba.conf" and
> > in the "pg_service.conf"
> >
> > $ tail /etc/pg_service.conf
> > ldap://ldap.cb.sc.gov.br/dc=cb,dc=sc,dc=gov,dc=br
>
> This is not for LDAP authentication, it's for service lookup only. If
> you just want LDAP auth, you can get rid of it. If you want both, I'd
> suggest doing one thing at a time - get rid of it for now until auth
> works, then put it back in later.
>
> > $ cat /usr/local/pgsql/data/pg_hba.conf
> >
> > local all all trust
> >
> > host all all 10.193.4.0/24 md5
> >
> > ldap://ldap.cb.sc.gov.br/dc=cb,dc=sc,dc=gov,dc=br
>
> I assume this is all on one line. In which case it's incorrect - you
> can't have both md5 and ldap on the same line. It should be:
> host all all 10.193.4.0/24 ldap ldap://....
>
>
> > 4) To create the user I do this
> >
> > # su - pgsql
> > % createuser scott
> >
> > After making these configurations, I try to log in and get a password
> > error.
> >
> > remote# psql postgresql -h server -U scott -W
> > psql: FATAL: password authentication failed for user "scott"
> >
>
> What you really need to look at here is the server logs, not the client
> output. It should tell you what it's trying to do (in your case, it
> would indicate that it's not trying to do LDAP) and how it's failing.
>
> //Magnus
>
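
Added example, not part of either message and not PostgreSQL's own code: a small linter for the pg_hba.conf record shape discussed in this thread, flagging an LDAP URL paired with another method, two methods on one line, and a URL that has wrapped onto its own line. It assumes CIDR addresses with no separate netmask field; `check_hba`, `METHODS` (a partial list) and `SAMPLES` are names made up for the example, and the sample records are constructed from the values quoted above.

```python
# Added example: lint pg_hba.conf records of the shape quoted in this thread.
# Assumes CIDR addresses (no separate netmask field); METHODS is a partial list.
METHODS = {"trust", "reject", "md5", "password", "ident", "pam", "ldap"}
FIXED_FIELDS = {"local": 3, "host": 4, "hostssl": 4, "hostnossl": 4}
URL_PREFIXES = ("ldap://", "ldaps://")

def check_hba(text):
    """Return a list of (line_number, message) for suspicious records."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        tokens = raw.split("#", 1)[0].split()   # drop comments, then split fields
        if not tokens:
            continue
        if tokens[0] not in FIXED_FIELDS:
            if tokens[0].startswith(URL_PREFIXES):
                msg = "LDAP URL on its own line; it belongs after 'ldap' on the host record"
            else:
                msg = "unknown record type %r" % tokens[0]
            findings.append((lineno, msg))
            continue
        # Everything after type/database/user[/address] is method plus options.
        rest = tokens[FIXED_FIELDS[tokens[0]]:]
        if not rest:
            findings.append((lineno, "record has no authentication method"))
            continue
        method, options = rest[0], rest[1:]
        has_url = any(o.startswith(URL_PREFIXES) for o in options)
        if method not in METHODS:
            findings.append((lineno, "unrecognised method %r" % method))
        elif sum(t in METHODS for t in rest) > 1:
            findings.append((lineno, "more than one authentication method on the line"))
        elif method == "ldap" and not has_url:
            findings.append((lineno, "method 'ldap' without an ldap:// URL"))
        elif method != "ldap" and has_url:
            findings.append((lineno, "LDAP URL given but method is %r" % method))
    return findings

URL = "ldap://ldap.cb.sc.gov.br/dc=cb,dc=sc,dc=gov,dc=br"  # value from the thread
SAMPLES = {  # constructed records
    "md5 plus URL": "host all all 10.193.4.0/24 md5 " + URL,
    "URL wrapped": "host all all 10.193.4.0/24 ldap\n" + URL,
    "one line": "local all all trust\nhost all all 10.193.4.0/24 ldap " + URL,
}

if __name__ == "__main__":
    for name, conf in SAMPLES.items():
        print(name, "->", check_hba(conf) or "ok")
```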