Re: Postgresql gss user map doesn't work
| От | xujian |
|---|---|
| Тема | Re: Postgresql gss user map doesn't work |
| Дата | |
| Msg-id | BAY181-W71CB79F1AE6A7FEB6F3B33A1A90@phx.gbl обсуждение исходный текст |
| Ответ на | Re: Postgresql gss user map doesn't work (Scott Whitney <scott@journyx.com>) |
| Список | pgsql-admin |
Thanks Scott. I think this is what pg_ident.conf does, right?
From: scott@journyx.com
To: jamesxu@outlook.com; pgsql-admin@postgresql.org
Subject: Re: [ADMIN] Postgresql gss user map doesn't work
Date: Tue, 30 Jun 2015 21:56:54 +0000
Well, that's just going to be your underlying authentication method. Say you want to authenticate via LDAP using ADS. Well, you have 2 basic choice. "My name@mydomain.whatever.internal.local" Probably .local. You're just asking PG to auth against "something else." You have to configure that in the underlying OS/directory store.
-------- Original message --------
From: xujian <jamesxu@outlook.com>
Date: 06/30/2015 4:40 PM (GMT-06:00)
To: pgsql-admin@postgresql.org
Subject: Re: [ADMIN] Postgresql gss user map doesn't work
in pg_ident.conf , I specify the mapping rule to map xxx@COMPANY.COM username to pg user name company_com_xxx
# MAPNAME SYSTEM-USERNAME PG-USERNAME
mymap /^(.*)@COMPANY\.COM$ company_com_\1
in postgresql document, it has the example which is similar with mine, but it is not gss authentication
mymap /^(.*)@mydomain\.com$ \1 mymap /^(.*)@otherdomain\.com$ guest
I am not sure why I am not able to map my credential to other db users. thanks
James
From: scott@journyx.com
To: jamesxu@outlook.com; pgsql-admin@postgresql.org
Subject: Re: [ADMIN] Postgresql gss user map doesn't work
Date: Tue, 30 Jun 2015 21:56:54 +0000
-------- Original message --------
From: xujian <jamesxu@outlook.com>
Date: 06/30/2015 4:40 PM (GMT-06:00)
To: pgsql-admin@postgresql.org
Subject: Re: [ADMIN] Postgresql gss user map doesn't work
it looks like I need to specify the mapping user name in the command, for instance, if my credential is xxx, I want to login as user company_com_xxx, I have to run command like
From: jamesxu@outlook.com
To: pgsql-admin@postgresql.org
Subject: Postgresql gss user map doesn't work
Date: Tue, 30 Jun 2015 12:56:47 -0400
/psql -d dbname -h postgresql.server.name -U company_com_xxx
but why I need to specify the mapping user name company_com_xxx in command line?
does anyone have same issue? thanks
James
From: jamesxu@outlook.com
To: pgsql-admin@postgresql.org
Subject: Postgresql gss user map doesn't work
Date: Tue, 30 Jun 2015 12:56:47 -0400
Hello,
I have a problem when I am using gss map. I want to map the user xxx@company.com to db role company_com_xxx
here is my pa_hba.conf:
=================
# TYPE DATABASE USER ADDRESS METHOD
host all all all gss include_realm=1 map=mymap
here is the pg_ident.conf
=================
# MAPNAME SYSTEM-USERNAME PG-USERNAME
mymap /(.*)@COMPANY.COM company_com_\1
However, it doesn't work, I got error message
=================
LOG: no match in usermap "mymap" for user "xxx" authenticated as "xxx@COMPANY.COM"
FATAL: GSSAPI authentication failed for user "xxx"
DETAIL: Connection matched pg_hba.conf line 88: "host all all all gss include_realm=1 map=mymap"
but if I changed the map to
=================
# MAPNAME SYSTEM-USERNAME PG-USERNAME
mymap /(.*)@COMPANY.COM \1
then I can login, I have created role xxx and company_com_xxx in db side. even if I hard code the username in the mapping like
=================
# MAPNAME SYSTEM-USERNAME PG-USERNAME
mymap /(.*)@COMPANY.COM company_com_xxx
it still doesn't work. any idea?
Thanks in advance!
James
Journyx, Inc.
7600 Burnet Road #300
Austin, TX 78757
www.journyx.com
Austin, TX 78757
www.journyx.com
p 512.834.8888
f 512-834-8858
Do you receive our promotional emails? You can subscribe or unsubscribe to those emails at http://go.journyx.com/emailPreference/e/4932/714/
В списке pgsql-admin по дате отправления: