Discussion: postgres authentication
Hi everybody,
I am having a problem with creating a user. It has to do
with authentication. What I want is to authenticate
a user via an ldap server.
I created postgres account by:
create user donder with
createdb
login
in group analysis;
and added the following line to pg_hba.conf file:
host all donder ldap://amarula.egcrc.orgsent
sent a hup signal like this:
pg_ctl -D /usr/local/pgsql/data reload
When I become user donder to connect to database, this is what I get:
psql: FATAL: missing or erroneous pg_hba.conf file
HINT: See server log for details.
The serverlog says:
LOG: invalid IP address "ldap:" in file "/usr/local/pgsql/data/pg_hba.conf" line 55: Name or service not known
FATAL: missing or erroneous pg_hba.conf file
HINT: See server log for details.
I am looking at the manual, PostgreSQL 8.2.1 Documentation, chapter 20.
In section 20.2.5, they talk about ldap authentication, but it's
a bit sketchy. The example given is:
ldap://ldap.example.net/dc=example,dc=net;EXAMPLE\
I have no idea what "dc=" means, and what does ";EXAMPLE\" mean?
Can anyone please explain what this means? If you have done
what I am trying to do, please furnish a working example.
Many thanks.
Regards,
Tena Sakai
tsakai@gallo.ucsf.edu
"Tena Sakai" <tsakai@gallo.ucsf.edu> writes:
> and added the following line to pg_hba.conf file:
> host all donder ldap://amarula.egcrc.orgsent
I know nothing about ldap, but this is clearly not a correct host line:
you forgot the address field(s), and that last bit should be an option
not the auth method name. I would imagine that what you need is
something like
host all donder 192.168.1.0/24 ldap ldap://amarula.egcrc.orgsent
(adjust address to suit, of course)
regards, tom lane
Hi Tom,
Thanks for your comment/advice. It is an improvement, but...
I adjusted the line in pg_hba.conf to:
host all donder 172.16.XX.XX/32 ldap ldap://amarula.egcrc.org
and what I get as user donder is:
-bash-3.00$ psql canon
Password:
psql: FATAL: password authentication failed for user "donder"
In the serverlog file, I get:
FATAL: password authentication failed for user "donder"
I need a working ldap example for pg_hba.conf desperately.
Can somebody please help?
Also, if somebody can explain what the example on page 352 of 8.2.1
manual:
ldap://ldap.example.net/dc=example,dc=net;EXAMPLE\
means, I would appreciate it greatly.
Regards,
Tena Sakai
tsakai@gallo.ucsf.edu
-----Original Message-----
From: Tom Lane [mailto:tgl@sss.pgh.pa.us]
Sent: Tue 8/7/2007 9:31 PM
To: Tena Sakai
Cc: pgsql-admin@postgresql.org
Subject: Re: [ADMIN] postgres authentication
"Tena Sakai" <tsakai@gallo.ucsf.edu> writes:
> and added the following line to pg_hba.conf file:
> host all donder ldap://amarula.egcrc.orgsent
I know nothing about ldap, but this is clearly not a correct host line:
you forgot the address field(s), and that last bit should be an option
not the auth method name. I would imagine that what you need is
something like
host all donder 192.168.1.0/24 ldap ldap://amarula.egcrc.orgsent
(adjust address to suit, of course)
regards, tom lane
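
Added example, not part of the original thread and not PostgreSQL's own code: a small Python check for the `host` records discussed above, which reproduces the "invalid IP address" diagnosis and shows how the manual's `;EXAMPLE\` part is used. It assumes the 8.2 option layout ldap[s]://server[:port]/base dn[;prefix[;suffix]] and that the server binds as prefix + user name + suffix; the function names are hypothetical, the sample addresses are constructed, and only the CIDR-address form is handled.

```python
import ipaddress

def parse_ldap_option(opt):
    """Split an 8.2-style option: ldap[s]://server[:port]/basedn[;prefix[;suffix]]."""
    scheme, sep, rest = opt.partition("://")
    if not sep or scheme not in ("ldap", "ldaps"):
        raise ValueError("LDAP option must start with ldap:// or ldaps://")
    server, _, tail = rest.partition("/")
    basedn, prefix, suffix = (tail.split(";") + ["", ""])[:3]
    return {"server": server, "basedn": basedn, "prefix": prefix, "suffix": suffix}

def check_host_line(line, user):
    """Return (ok, detail) for one pg_hba.conf 'host' record.

    For a valid 'ldap' record, detail is the name the server would bind
    with: prefix + user + suffix (assumption taken from the 8.2 manual).
    """
    f = line.split()
    if len(f) < 4 or f[0] != "host":
        return False, "expected: host database user CIDR-address method [option]"
    addr = f[3]
    if "/" not in addr:
        return False, "only the CIDR-address form is handled here"
    try:
        ipaddress.ip_network(addr, strict=False)
    except ValueError:
        # Report the part before '/', matching the server log in the thread
        return False, 'invalid IP address "%s"' % addr.split("/", 1)[0]
    if len(f) < 5:
        return False, "missing authentication method"
    if f[4] != "ldap":
        return True, "method %s (no LDAP option to check)" % f[4]
    if len(f) < 6:
        return False, "ldap method needs an ldap:// option"
    try:
        opt = parse_ldap_option(f[5])
    except ValueError as exc:
        return False, str(exc)
    return True, opt["prefix"] + user + opt["suffix"]

if __name__ == "__main__":
    samples = [  # first record is from the thread; the addresses below are constructed
        "host all donder ldap://amarula.egcrc.orgsent",
        "host all donder 172.16.10.20/32 ldap ldap://amarula.egcrc.org",
        "host all donder 172.16.10.20/32 ldap ldap://ldap.example.net/dc=example,dc=net;EXAMPLE\\",
    ]
    for s in samples:
        print(check_host_line(s, "donder"))
```

With no prefix or suffix in the option, the second record yields the bare name `donder` as the bind name, while the manual's example yields `EXAMPLE\donder`.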