Re: Postgresql gss user map doesn't work

From: xujian <jamesxu(at)outlook(dot)com>
To: Scott Whitney <scott(at)journyx(dot)com>, "pgsql-admin(at)postgresql(dot)org" <pgsql-admin(at)postgresql(dot)org>
Subject: Re: Postgresql gss user map doesn't work
Date: 2015-06-30 22:21:07
Message-ID: BAY181-W71CB79F1AE6A7FEB6F3B33A1A90@phx.gbl
Lists: pgsql-admin

Thanks Scott. I think this is what pg_ident.conf does, right? In pg_ident.conf, I specify the mapping rule to map xxx(at)COMPANY(dot)COM username to pg user name company_com_xxx

# MAPNAME SYSTEM-USERNAME PG-USERNAME
mymap /^(.*)@COMPANY\.COM$ company_com_\1

In the PostgreSQL documentation there is an example which is similar to mine, but it is not GSS authentication:
http://www.postgresql.org/docs/9.1/static/auth-username-maps.html

mymap /^(.*)@mydomain\.com$ \1
mymap /^(.*)@otherdomain\.com$ guest

I am not sure why I am not able to map my credential to other db users. Thanks
James

From: scott(at)journyx(dot)com
To: jamesxu(at)outlook(dot)com; pgsql-admin(at)postgresql(dot)org
Subject: Re: [ADMIN] Postgresql gss user map doesn't work
Date: Tue, 30 Jun 2015 21:56:54 +0000

Well, that's just going to be your underlying authentication method. Say you want to authenticate via LDAP using ADS. Well, you have 2 basic choices. "My name(at)mydomain(dot)whatever(dot)internal(dot)local" Probably .local. You're just asking PG to auth against "something else." You have to configure that in the underlying OS/directory store.

-------- Original message --------

From: xujian <jamesxu(at)outlook(dot)com>

Date: 06/30/2015 4:40 PM (GMT-06:00)

To: pgsql-admin(at)postgresql(dot)org

Subject: Re: [ADMIN] Postgresql gss user map doesn't work

It looks like I need to specify the mapping user name in the command. For instance, if my credential is xxx and I want to log in as user company_com_xxx, I have to run a command like

/psql -d dbname -h postgresql.server.name -U company_com_xxx

But why do I need to specify the mapping user name company_com_xxx on the command line?
Does anyone have the same issue? Thanks

James

From: jamesxu(at)outlook(dot)com

To: pgsql-admin(at)postgresql(dot)org

Subject: Postgresql gss user map doesn't work

Date: Tue, 30 Jun 2015 12:56:47 -0400

Hello,
I have a problem when I am using a gss map. I want to map the user xxx(at)company(dot)com to db role company_com_xxx
Here is my pg_hba.conf:
=================
# TYPE DATABASE USER ADDRESS METHOD
host all all all gss include_realm=1 map=mymap

here is the pg_ident.conf
=================

# MAPNAME SYSTEM-USERNAME PG-USERNAME
mymap /(.*)@COMPANY.COM company_com_\1

However, it doesn't work, I got error message
=================

LOG: no match in usermap "mymap" for user "xxx" authenticated as "xxx(at)COMPANY(dot)COM"
FATAL: GSSAPI authentication failed for user "xxx"
DETAIL: Connection matched pg_hba.conf line 88: "host all all all gss include_realm=1 map=mymap"

but if I changed the map to

=================

# MAPNAME SYSTEM-USERNAME PG-USERNAME
mymap /(.*)@COMPANY.COM \1

then I can log in. I have created roles xxx and company_com_xxx on the db side. Even if I hard-code the username in the mapping like

=================

# MAPNAME SYSTEM-USERNAME PG-USERNAME
mymap /(.*)@COMPANY.COM company_com_xxx

it still doesn't work. Any idea?

Thanks in advance!

James
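
Added example, not part of the original thread and not PostgreSQL's own code: a simplified Python model of how one pg_ident.conf line is evaluated. It shows why the `company_com_\1` map only succeeds when the client asks for that role (as with `-U company_com_xxx`), and how the anchored pattern from the follow-up is stricter than the first one. Assumptions: Python's `re` stands in for PostgreSQL's regex engine, and the principal `xxx@COMPANYXCOM.example` is constructed for illustration.

```python
import re

# Map lines copied from the thread (format: MAPNAME SYSTEM-USERNAME PG-USERNAME).
ORIGINAL = r"mymap /(.*)@COMPANY.COM company_com_\1"
STRIPPED = r"mymap /(.*)@COMPANY.COM \1"
ANCHORED = r"mymap /^(.*)@COMPANY\.COM$ company_com_\1"


def map_allows(map_line, principal, requested_role):
    """True if map_line lets the authenticated principal connect as requested_role.

    Simplified model: a map never changes the role the client asked for; it only
    decides whether that role is permitted for this principal.
    """
    _mapname, system_user, pg_user = map_line.split()
    if system_user.startswith("/"):
        # Regex entry: searched anywhere in the principal unless anchored with ^ and $.
        m = re.search(system_user[1:], principal)
        if m is None:
            return False
        if r"\1" in pg_user:
            if not m.groups():
                return False  # \1 used without a capture group
            pg_user = pg_user.replace(r"\1", m.group(1), 1)
    elif system_user != principal:
        return False
    return pg_user == requested_role


if __name__ == "__main__":
    principal = "xxx@COMPANY.COM"  # include_realm=1 keeps the realm
    # psql without -U asks for the OS user name, here "xxx".
    for label, line in (("original", ORIGINAL), ("stripped", STRIPPED), ("anchored", ANCHORED)):
        for role in ("xxx", "company_com_xxx"):
            print(f"{label:9} role={role:16} allowed={map_allows(line, principal, role)}")
    # Constructed principal: the unescaped '.' and missing anchors accept it.
    odd = "xxx@COMPANYXCOM.example"
    print("unanchored accepts odd principal:", map_allows(ORIGINAL, odd, "company_com_xxx"))
    print("anchored accepts odd principal:  ", map_allows(ANCHORED, odd, "company_com_xxx"))
```
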

