Обсуждение: postgresql and LDAP
Hi, I've just compiled 8.3.6 with ldap support yet I get 'FATAL: missing or erroneous pg_hba.conf file' when I try to connect. There weren't any errors during the compile, and ldd shows LDAP: postgres@schema-mgmt:/opt/pgdata/log/pgsql83$ ldd /opt/dbs/pgsql83/bin/postmaster | grep ldap libldap_r-2.4.so.2 => /usr/lib/libldap_r-2.4.so.2 (0xb7fd5000) This is on ubuntu linux, and the only configure option besides prefix was '--with-ldap' -- JP Fletcher Database Administrator Afilias Canada voice: 416.646.3304 ext. 4123 fax: 416.646.3305 mobile: 416.561.4763 jpfletch@ca.afilias.info
JP Fletcher <jpfletch@ca.afilias.info> writes: > I've just compiled 8.3.6 with ldap support yet I get > 'FATAL: missing or erroneous pg_hba.conf file' > when I try to connect. Can't help you much when you don't show us the pg_hba.conf file ;-) However, a tip that might help is that there should be more information about the problem in the postmaster log. We intentionally don't send details about the conf file's contents to the client... regards, tom lane
Tom Lane <tgl@sss.pgh.pa.us> writes: > JP Fletcher <jpfletch@ca.afilias.info> writes: >> I've just compiled 8.3.6 with ldap support yet I get >> 'FATAL: missing or erroneous pg_hba.conf file' >> when I try to connect. > > Can't help you much when you don't show us the pg_hba.conf file ;-) > > However, a tip that might help is that there should be more information > about the problem in the postmaster log. We intentionally don't send > details about the conf file's contents to the client... Perhaps we should send a HINT to the client saying to consult the postmaster logs? -- Gregory Stark EnterpriseDB http://www.enterprisedb.com Ask me about EnterpriseDB's RemoteDBA services!
2009/3/10 Gregory Stark <stark@enterprisedb.com>: > Tom Lane <tgl@sss.pgh.pa.us> writes: > >> JP Fletcher <jpfletch@ca.afilias.info> writes: >>> I've just compiled 8.3.6 with ldap support yet I get >>> 'FATAL: missing or erroneous pg_hba.conf file' >>> when I try to connect. >> >> Can't help you much when you don't show us the pg_hba.conf file ;-) >> >> However, a tip that might help is that there should be more information >> about the problem in the postmaster log. We intentionally don't send >> details about the conf file's contents to the client... > > Perhaps we should send a HINT to the client saying to consult the postmaster > logs? > IMHO I think is quite dangerous because someone with experience could guess some security details. But, could be configure the client verbose from the postgresql.conf, in that case could be useful. > -- > Gregory Stark > EnterpriseDB http://www.enterprisedb.com > Ask me about EnterpriseDB's RemoteDBA services! > > -- > Sent via pgsql-general mailing list (pgsql-general@postgresql.org) > To make changes to your subscription: > http://www.postgresql.org/mailpref/pgsql-general > -- Emanuel Calvo Franco Sumate al ARPUG ! (www.postgres-arg.org - www.arpug.com.ar) ArPUG / AOSUG Member Postgresql Support & Admin
Emanuel Calvo Franco <postgres.arg@gmail.com> writes: > 2009/3/10 Gregory Stark <stark@enterprisedb.com>: >> Tom Lane <tgl@sss.pgh.pa.us> writes: >>> However, a tip that might help is that there should be more information >>> about the problem in the postmaster log. We intentionally don't send >>> details about the conf file's contents to the client... >> >> Perhaps we should send a HINT to the client saying to consult the postmaster >> logs? egg on my face -- we already *do* have such a hint: ereport(FATAL, (errcode(ERRCODE_CONFIG_FILE_ERROR), errmsg("missing or erroneous pg_hba.conf file"), errhint("See server log for details."))); > IMHO I think is quite dangerous because someone with experience could guess > some security details. How? -- Gregory Stark EnterpriseDB http://www.enterprisedb.com Ask me about EnterpriseDB's 24x7 Postgres support!
FYI, I did see the message returned to my client, and did look in the server logs. Trouble was, the message in the log was no more helpful than the one returned to my client, with the exception of pointing me to the line number in pg_hba.conf. Gregory Stark wrote: > Tom Lane <tgl@sss.pgh.pa.us> writes: > > >> JP Fletcher <jpfletch@ca.afilias.info> writes: >> >>> I've just compiled 8.3.6 with ldap support yet I get >>> 'FATAL: missing or erroneous pg_hba.conf file' >>> when I try to connect. >>> >> Can't help you much when you don't show us the pg_hba.conf file ;-) >> >> However, a tip that might help is that there should be more information >> about the problem in the postmaster log. We intentionally don't send >> details about the conf file's contents to the client... >> > > Perhaps we should send a HINT to the client saying to consult the postmaster > logs? > > -- JP Fletcher Database Administrator Afilias Canada voice: 416.646.3304 ext. 4123 fax: 416.646.3305 mobile: 416.561.4763 jpfletch@ca.afilias.info