Discussion: [ADMIN] Configuring LDAP in the pg_hba.conf file


[ADMIN] Configuring LDAP in the pg_hba.conf file

From: John Scalia
Date: Fri, Jan 27, 2017 at 12:19 PM
Hi all,

I've been slowly going nuts with trying to get LDAP authentication working. The following edited ldapsearch string works exactly as I need it:

ldapsearch -h ldap.example.com -b "dc=example,dc=com" -D "uid=pgsqlldap,cn=users,cn=accounts,dc=example,dc=com" "(&(uid=myuid)(memberOf=cn=pgsqlsandbox,cn=groups,cn=accounts,dc=example,dc=com))" -w current_password

but I can't seem to translate this into any form that will work in the pg_hba.conf file. I've tried setting the various parameters separately like ldapbinddn, ldapbindpasswd, etc., and I've tried setting ldap_prefix, ldap_suffix, etc., and I've also tried to set ldapurl, but something always seems broken.

Can anyone suggest a proper format for the pg_hba.conf line? I seem to be hung up on getting the search filter correct and I'd like to have postgresql substitute the user's id rather than hard coding one in here.

Thanks in advance,
Jay

Re: [ADMIN] Configuring LDAP in the pg_hba.conf file

From: Scott Mead
Date: Fri, Jan 27, 2017 at 12:33 PM

On Fri, Jan 27, 2017 at 12:19 PM, John Scalia <jayknowsunix@gmail.com> wrote:
> Hi all,
>
> I've been slowly going nuts with trying to get LDAP authentication working. The following edited ldapsearch string works exactly as I need it:
>
> ldapsearch -h ldap.example.com -b "dc=example,dc=com" -D "uid=pgsqlldap,cn=users,cn=accounts,dc=example,dc=com" "(&(uid=myuid)(memberOf=cn=pgsqlsandbox,cn=groups,cn=accounts,dc=example,dc=com))" -w current_password
>
> but I can't seem to translate this into any form that will work in the pg_hba.conf file. I've tried setting the various parameters separately like ldapbinddn, ldapbindpasswd, etc., and I've tried setting ldap_prefix, ldap_suffix, etc., and I've also tried to set ldapurl, but something always seems broken.
>
> Can anyone suggest a proper format for the pg_hba.conf line? I seem to be hung up on getting the search filter correct and I'd like to have postgresql substitute the user's id rather than hard coding one in here.
>
> Thanks in advance,

I always get hung up here too.  The last time I did it, I used (in pg_hba.conf).  I haven't used this in about 2 years so, I may be off, but hopefully this helps....

ldap "ldap://192.168.1.1/ou=People,dc=example,dc=com;uid=;,ou=People,dc=example,dc=com"

( Notice the 'uid=;'  )

--Scott

> Jay

-- 
Scott Mead
Sr. Architect
OpenSCG

Re: [ADMIN] Configuring LDAP in the pg_hba.conf file

From: John Scalia
Date:
Thanks for the response, Scott, but after setting this in my file, I'm getting a FATAL could not load pg_hba.conf error. Here's what I tried this time:

ldap "ldap://ldapserver.example.com/dc=example,dc=com,uid=;memberOf=cn=pgsqlsandbox,cn=groups,cn=accounts,dc=example,dc=com"


Might this need ldapurl= in front of this?

On Fri, Jan 27, 2017 at 12:33 PM, Scott Mead <scottm@openscg.com> wrote:
> On Fri, Jan 27, 2017 at 12:19 PM, John Scalia <jayknowsunix@gmail.com> wrote:
>> Hi all,
>>
>> I've been slowly going nuts with trying to get LDAP authentication working. The following edited ldapsearch string works exactly as I need it:
>>
>> ldapsearch -h ldap.example.com -b "dc=example,dc=com" -D "uid=pgsqlldap,cn=users,cn=accounts,dc=example,dc=com" "(&(uid=myuid)(memberOf=cn=pgsqlsandbox,cn=groups,cn=accounts,dc=example,dc=com))" -w current_password
>>
>> but I can't seem to translate this into any form that will work in the pg_hba.conf file. I've tried setting the various parameters separately like ldapbinddn, ldapbindpasswd, etc., and I've tried setting ldap_prefix, ldap_suffix, etc., and I've also tried to set ldapurl, but something always seems broken.
>>
>> Can anyone suggest a proper format for the pg_hba.conf line? I seem to be hung up on getting the search filter correct and I'd like to have postgresql substitute the user's id rather than hard coding one in here.
>>
>> Thanks in advance,
>
> I always get hung up here too.  The last time I did it, I used (in pg_hba.conf).  I haven't used this in about 2 years so, I may be off, but hopefully this helps....
>
> ldap "ldap://192.168.1.1/ou=People,dc=example,dc=com;uid=;,ou=People,dc=example,dc=com"
>
> ( Notice the 'uid=;'  )
>
> --Scott
>
>> Jay
>
> -- 
> Scott Mead
> Sr. Architect
> OpenSCG
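A pg_hba.conf entry that expresses the ldapsearch from the first message in PostgreSQL's search+bind mode, added here as an example; it is not from any message in this thread and has not been tested against the poster's directory. Two points from the thread carry over. The FATAL "could not load pg_hba.conf" is the expected result of the bare-URL line: every option after the `ldap` method keyword must be written as name=value, so `ldapurl=` does belong in front of the URL, as Jay suspected. And the memberOf group check needs `ldapsearchfilter`, which exists only in PostgreSQL 10 and later (9.6 was current when this thread was written), so the 9.6 variant below can only find the user's DN by attribute and cannot check the group. The hostname and DNs are the ones from the thread; the address range and bind password are placeholders.

```conf
# pg_hba.conf (added example, not from the thread). One record per line. PostgreSQL
# binds as ldapbinddn, searches the subtree under ldapbasedn with ldapsearchfilter,
# where $username is replaced by the connecting role name, requires exactly one
# match, and then binds as that DN with the password the client supplied.
#
# Requires PostgreSQL 10 or later (ldapsearchfilter). The address range and the
# bind password are placeholders; replace them.
#
# TYPE  DATABASE  USER  ADDRESS     METHOD  OPTIONS
hostssl all       all   10.0.0.0/8  ldap    ldapserver=ldap.example.com ldaptls=1 ldapbasedn="dc=example,dc=com" ldapbinddn="uid=pgsqlldap,cn=users,cn=accounts,dc=example,dc=com" ldapbindpasswd="REPLACE_WITH_BIND_PASSWORD" ldapsearchfilter="(&(uid=$username)(memberOf=cn=pgsqlsandbox,cn=groups,cn=accounts,dc=example,dc=com))"

# PostgreSQL 9.4 to 9.6: there is no ldapsearchfilter, so the search can only locate
# the DN by attribute ("?uid?sub" in the URL means the same as ldapsearchattribute=uid
# with subtree scope). The group restriction then has to be enforced elsewhere, for
# example by creating PostgreSQL roles only for members of the group; LDAP here
# verifies the password only.
#hostssl all      all   10.0.0.0/8  ldap    ldapurl="ldap://ldap.example.com/dc=example,dc=com?uid?sub" ldaptls=1 ldapbinddn="uid=pgsqlldap,cn=users,cn=accounts,dc=example,dc=com" ldapbindpasswd="REPLACE_WITH_BIND_PASSWORD"
```

The bind password is stored in cleartext, so pg_hba.conf should be readable only by the server account (mode 0600). `ldaptls=1` issues StartTLS on the port 389 connection so that both the service bind and the user's own bind travel encrypted, and the `hostssl` type does the same for the client's copy of the password on the PostgreSQL side; without either, a simple bind sends the password in the clear. The matching PostgreSQL role must still exist (CREATE ROLE), since LDAP authenticates the name but does not create roles.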