Thread: postgres authentication

postgres authentication

From
"Tena Sakai"
Date:

Hi everybody,

I am having a problem with creating user.  It has to do
with authentication.  What I want is to authenticate
a user via an ldap server.

I created postgres account by:
    create user donder with
           createdb
           login
           in group analysis;

and added the following line to pg_hba.conf file:
    host    all     donder          ldap://amarula.egcrc.orgsent

sent a hup signal like this:
    pg_ctl -D /usr/local/pgsql/data reload

When I become user donder to connect to database, this is what I get:
    psql: FATAL:  missing or erroneous pg_hba.conf file
    HINT:  See server log for details.

The serverlog says:
    LOG:  invalid IP address "ldap:" in file "/usr/local/pgsql/data/pg_hba.conf" line 55: Name or service not known
    FATAL:  missing or erroneous pg_hba.conf file
    HINT:  See server log for details.

I am looking at the manual, PostgreSQL 8.2.1 Documentation, chapter 20.
In section 20.2.5, they talk about ldap authentication, but it's
a bit sketchy.  The example given is:
  ldap://ldap.example.net/dc=example,dc=net;EXAMPLE\

I have no idea what "dc=" means, and what does ";EXAMPLE\" mean?
Can anyone please explain what this means?  If you have done
what I am trying to do, please furnish a working example.

Many thanks.

Regards,

Tena Sakai
tsakai@gallo.ucsf.edu

Re: postgres authentication

From
Tom Lane
Date:
"Tena Sakai" <tsakai@gallo.ucsf.edu> writes:
> and added the following line to pg_hba.conf file:
>     host    all     donder          ldap://amarula.egcrc.orgsent

I know nothing about ldap, but this is clearly not a correct host line:
you forgot the address field(s), and that last bit should be an option
not the auth method name.  I would imagine that what you need is
something like

host    all     donder  192.168.1.0/24  ldap ldap://amarula.egcrc.orgsent

(adjust address to suit, of course)

            regards, tom lane

Re: postgres authentication

From
"Tena Sakai"
Date:

Hi Tom,

Thanks for your comment/advice.  It is an improvement, but...

I adjusted the line in pg_hba.conf to:
    host    all     donder          172.16.XX.XX/32 ldap ldap://amarula.egcrc.org
and what I get as user donder is:
    -bash-3.00$ psql canon
    Password:
    psql: FATAL:  password authentication failed for user "donder"
In the serverlog file, I get:
    FATAL:  password authentication failed for user "donder"

I need a working ldap example for pg_hba.conf desperately.
Can somebody please help?

Also, if somebody can explain what the example on page 352 of 8.2.1
manual:
    ldap://ldap.example.net/dc=example,dc=net;EXAMPLE\
means, I would appreciate it greatly.

Regards,

Tena Sakai
tsakai@gallo.ucsf.edu


-----Original Message-----
From: Tom Lane [mailto:tgl@sss.pgh.pa.us]
Sent: Tue 8/7/2007 9:31 PM
To: Tena Sakai
Cc: pgsql-admin@postgresql.org
Subject: Re: [ADMIN] postgres authentication

"Tena Sakai" <tsakai@gallo.ucsf.edu> writes:
> and added the following line to pg_hba.conf file:
>     host    all     donder          ldap://amarula.egcrc.orgsent

I know nothing about ldap, but this is clearly not a correct host line:
you forgot the address field(s), and that last bit should be an option
not the auth method name.  I would imagine that what you need is
something like

host    all     donder  192.168.1.0/24  ldap ldap://amarula.egcrc.orgsent

(adjust address to suit, of course)

                        regards, tom lane
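
Added example, not part of the thread and not PostgreSQL code: a small lint for pg_hba.conf `host` records in CIDR form, run over the lines quoted above, which also splits the ldap option into its parts. The method list and the option shape `ldap[s]://servername[:port]/base dn[;prefix[;suffix]]` are assumptions taken from the 8.2 manual; `check_host_line` and `bind_name` are hypothetical helper names, and the third sample line is constructed.

```python
import ipaddress
import re

# Assumption: auth methods listed in the 8.2 manual for pg_hba.conf.
METHODS = {"trust", "reject", "md5", "crypt", "password", "krb5", "ident", "pam", "ldap"}
# Assumption: option shape from the 8.2 manual,
#   ldap[s]://servername[:port]/base dn[;prefix[;suffix]]
LDAP_URL = re.compile(
    r"^(ldaps?)://([^:/]+)(?::(\d+))?(?:/([^;]*)(?:;([^;]*)(?:;(.*))?)?)?$")
FIELDS = ("type", "database", "user", "address", "method", "option")
LDAP_KEYS = ("scheme", "server", "port", "base_dn", "prefix", "suffix")

def check_host_line(line):
    """Split one 'host' record (CIDR form) into fields and list its problems."""
    rec = dict(zip(FIELDS, line.strip().split(None, 5)))
    problems = []
    if rec.get("type") != "host":
        problems.append("record type is not 'host'")
    try:
        ipaddress.ip_network(rec.get("address", ""), strict=False)
    except ValueError:
        problems.append("invalid address %r" % rec.get("address"))
    if rec.get("method") not in METHODS:
        problems.append("invalid auth method %r" % rec.get("method"))
    elif rec["method"] == "ldap":
        m = LDAP_URL.match(rec.get("option", ""))
        if m is None:
            problems.append("ldap option is not an LDAP URL")
        else:
            rec["ldap"] = dict(zip(LDAP_KEYS, m.groups()))
    return rec, problems

def bind_name(rec, login):
    """Name sent in the LDAP bind: prefix + login + suffix (per the 8.2 manual)."""
    ldap = rec["ldap"]
    return (ldap["prefix"] or "") + login + (ldap["suffix"] or "")

SAMPLES = [
    "host all donder ldap://amarula.egcrc.orgsent",  # first attempt in the thread
    "host all donder 192.168.1.0/24 ldap ldap://amarula.egcrc.orgsent",  # form from the reply
    # constructed: the reply's layout combined with the manual's example URL
    "host all donder 192.168.1.0/24 ldap ldap://ldap.example.net/dc=example,dc=net;EXAMPLE\\",
]

if __name__ == "__main__":
    for line in SAMPLES:
        rec, problems = check_host_line(line)
        print(line, "->", problems or rec.get("ldap"))
```

The first sample fails on the address field, the same field the server log complains about; the third shows `dc=example,dc=net` landing in the base DN slot and `EXAMPLE\` in the prefix slot.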