Re: LDAP Configuration for Postgres authenticating against AD

On Aug 4, 2009, at 6:41 PM, Richard Esmonde wrote:

> Hi,
>
> I’m new to PostGres (so go easy on my naivety). I am trying to
> configure the postgres host based configuration file to permit users
> to authenticate against our Active Directory.
> Needless to say both Ubuntu server and AD are in the same Domain.
>
> · I am running PostGRESQL v8.3.7 on a 64-Bit Ubuntu Hardy
> Heron Dell server with Apache 2.
> · I am not running SSL.
> · This work is happening on a LAN. My AD server=master1 and
> the LAN=belfry.lan
> · I installed Postgres as follow:
> o # sudo apt-get install postgresql-8.3 postgresql-client-8.3
> postgresql-client-common postgresql-common
>
> It runs just fine and I can create databases users and tables with
> no problems.
>
> Currently, the end of my pg_hba.conf file looks like:
> ============================================
> # IPv4 local connections:
> host all all 127.0.0.1/32 md5
> host all all 10.5.5.0 255.255.255.0 password

This is the line that will take effect for any connection from
10.5.5.0/24.

>
> # IPv6 local connections:
> host all all ::1/128 md5
>
> # Remote TCP/IP connection
> #host all postgres 127.0.0.1/32 password
> # host all all 10.5.5.0/16 ldap "ldap://master1:389/dc=belfry,dc=lan;BELFRY
> \"
> # host all all 10.5.5.0 255.255.255.0 ldap "ldap://master1:389/dc=belfry,dc=lan;BELFRY
> \"
>
> host all all 10.5.5.0 255.255.255.0 ldap "ldap://master1
> . belfry.lan:389/ou=Belfry
> Users,ou=programmers;dc=belfry,dc=lan;cn=*;BELFRY\"

Anything that might match this will already have matched the line
above (and had a password challenge), so this line will never be used.

Cheers,
Steve