| From: | "Florian G(dot) Pflug" <fgp(at)phlo(dot)org> |
|---|---|
| To: | Stephane Bortzmeyer <bortzmeyer(at)nic(dot)fr> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: [Auth] "ident" method and LDAP user accounts |
| Date: | 2005-03-03 09:04:32 |
| Message-ID: | 4226D320.7070407@phlo.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Stephane Bortzmeyer wrote:
> All the user accounts, including mine, are in a LDAP database. Thanks
> to NSS (Name Service Switch) all applications have access to the LDAP
> accounts (getpwuid(3) and getpwnam(3) use LDAP). But not PostgreSQL.
I did similar setups and both gentoo and debian/sarge, and this was
never a problem.
Might it be that the postgres user is not allowed to read /etc/ldap.conf
- or however your nss_ldap config file is called? I'd try su-ing to the
postgres user, and check if everything (ls -l /home, ... - you get the
idea) works as expected.
> When I connect locally (Linux as SO_PEERCRED so the ident daemon is
> not used) with the "ident" method, I get rejected.
>
> If I create an ident map to map the numeric UID to my name, it works:
>
> # MAPNAME IDENT-USERNAME PG-USERNAME
> ldapuser 1000 bortzmeyer
If all else fails, you could create this via a shellscript from your
ldap database - but of course thats ugly...
greetings, Florian Pflug
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Surabhi Ahuja | 2005-03-03 09:31:10 | getting attribute names, types |
| Previous Message | Tom Lane | 2005-03-03 09:03:25 | Re: [Auth] "ident" method and LDAP user accounts |