Re: PAM LDAP CREATE USER

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Aaron_Wright(at)selinc(dot)com
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: PAM LDAP CREATE USER
Date: 2015-10-26 22:30:37
Message-ID: 4707.1445898637@sss.pgh.pa.us
Lists: pgsql-general

Aaron_Wright(at)selinc(dot)com writes:
> I recently upgraded from 8.4 to 9.3, and my custom LDAP PAM module no
> longer works.

8.4.what and 9.3.what? Have you checked the behavior in any other releases?

> In brief, my LDAP PAM module authenticates a centralized user and then
> creates a matching database user, using a separate super user connection
> to the database, before returning successfully from the PAM module. This
> used to work beautifully, but now I get a FATAL error, "role %s does not
> exist".

That seems mighty Rube Goldbergian ... but it's not clear why it used to
work and doesn't anymore. If you'd said 9.4 I'd have guessed at a corner
case in catalog snapshot invalidation, but I think 9.3 would just be
looking for the role with SnapshotNow, which should pretty much always
work. (You're sure the transaction in the background is getting committed
in time, right? And it's being sent to the 9.3 DB not the 8.4 one?)

Also, just to clarify: this is a PAM auth module that just happens to talk
to some LDAP server behind the scenes, right? If Postgres thinks this is
LDAP auth method then some other possibilities open up --- but AFAICS
we've not touched the PAM code since 8.4.2.

regards, tom lane
