Re: Configuring LDAP in the pg_hba.conf file

From: John Scalia <jayknowsunix(at)gmail(dot)com>
To: Scott Mead <scottm(at)openscg(dot)com>
Cc: "pgsql-admin(at)postgresql(dot)org" <pgsql-admin(at)postgresql(dot)org>
Subject: Re: Configuring LDAP in the pg_hba.conf file
Date: 2017-01-27 17:47:50
Message-ID: CABzCKRD49Gu=YMgG5yKUHTM6WcJRDUsevwRKi0qFi+mr90d8Lw@mail.gmail.com
Lists: pgsql-admin

Thanks for the response, Scott, but after setting this in my file, I'm
getting a FATAL could not load pg_hba.conf error. Here's what I tried this
time:

ldap "ldap://ldapserver.example.com/dc=example,dc=com,uid=;memberOf=cn=pgsqlsandbox,cn=groups,cn=accounts,dc=example,dc=com"

Might this need ldapurl= in front of this?

On Fri, Jan 27, 2017 at 12:33 PM, Scott Mead <scottm(at)openscg(dot)com> wrote:

>
> On Fri, Jan 27, 2017 at 12:19 PM, John Scalia <jayknowsunix(at)gmail(dot)com>
> wrote:
>
>> Hi all,
>>
>> I've been slowly going nuts with trying to get LDAP authentication
>> working. The following edited ldapsearch string works exactly as I need it:
>>
>> ldapsearch -h ldap.example.com -b "dc=example,dc=com" -D
>> "uid=pgsqlldap,cn=users,cn=accounts,dc=example,dc=com"
>> "(&(uid=myuid)(memberOf=cn=pgsqlsandbox,cn=groups,cn=accounts,dc=example,dc=com))"
>> -w current_password
>>
>> but I can't seem to translate this into any form that will work in the
>> pg_hba.conf file. I've tried setting the various parameters separately like
>> ldapbinddn, ldapbindpasswd, etc., and I've tried setting ldap_prefix,
>> ldap_suffix, etc., and I've also tried to set ldapurl, but something always
>> seems broken.
>>
>> Can anyone suggest a proper format for the pg_hba.conf line? I seem to be
>> hung up on getting the search filter correct and I'd like to have
>> postgresql substitute the user's id rather than hard coding one in here.
>>
>> Thanks in advance,
>>
>
> I always get hung up here too. The last time I did it, I used (in
> pg_hba.conf). I haven't used this in about 2 years so, I may be off, but
> hopefully this helps....
>
> ldap "ldap://192.168.1.1/ou=People,dc=example,dc=com;uid=;,ou=People,dc=example,dc=com"
>
> ( Notice the 'uid=;' )
>
> --Scott
>
> Jay
>>
>
>
>
> --
> --
> Scott Mead
> Sr. Architect
> *OpenSCG <http://openscg.com>*
> http://openscg.com
>
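
Added example (not code from the thread or from PostgreSQL): a small Python lint for `ldap` lines in pg_hba.conf, which takes `name=value` options after the method. It is run over the failing line from the message above and over a constructed search+bind rendering of the quoted ldapsearch. Assumptions: the `host all all 0.0.0.0/0` prefix, `ldaptls=1`, and the function name `lint_ldap_line`; `ldapsearchfilter` requires PostgreSQL 11 or later.

```python
import shlex

# Option names as listed in the PostgreSQL LDAP authentication documentation.
SIMPLE_BIND = {"ldapprefix", "ldapsuffix"}
SEARCH_BIND = {"ldapbasedn", "ldapbinddn", "ldapbindpasswd",
               "ldapsearchattribute", "ldapsearchfilter"}
KNOWN = SIMPLE_BIND | SEARCH_BIND | {"ldapserver", "ldapport", "ldapscheme",
                                     "ldaptls", "ldapurl"}

def lint_ldap_line(line):
    """Return a list of findings for one pg_hba.conf line using method ldap."""
    tokens = shlex.split(line, comments=True)   # honours "quoted values"
    if "ldap" not in tokens[3:]:
        return ["method is not ldap"]
    method_at = tokens.index("ldap", 3)
    opts, findings = {}, []
    for tok in tokens[method_at + 1:]:
        name, sep, value = tok.partition("=")
        if not sep or name not in KNOWN:
            findings.append("not a known name=value option: " + tok[:30])
        else:
            opts[name] = value
    if opts.keys() & SIMPLE_BIND and opts.keys() & SEARCH_BIND:
        findings.append("mixes simple-bind and search+bind options")
    if "ldapserver" not in opts and "ldapurl" not in opts:
        findings.append("no ldapserver or ldapurl given")
    encrypted = (opts.get("ldaptls") == "1" or opts.get("ldapscheme") == "ldaps"
                 or opts.get("ldapurl", "").startswith("ldaps://"))
    if not encrypted:
        findings.append("no TLS: passwords cross the network in cleartext")
    return findings

# Constructed samples. Only the part of FAILING from "ldap" onward is from the post.
FAILING = ('host all all 0.0.0.0/0 ldap "ldap://ldapserver.example.com/'
           'dc=example,dc=com,uid=;memberOf=cn=pgsqlsandbox,cn=groups,'
           'cn=accounts,dc=example,dc=com"')
# Search+bind rendering of the thread's ldapsearch; ldaptls=1 is an added
# assumption, and ldapsearchfilter needs PostgreSQL 11 or later.
SEARCH_AND_BIND = (
    'host all all 0.0.0.0/0 ldap ldapserver=ldap.example.com ldaptls=1 '
    'ldapbasedn="dc=example,dc=com" '
    'ldapbinddn="uid=pgsqlldap,cn=users,cn=accounts,dc=example,dc=com" '
    'ldapbindpasswd="current_password" '
    'ldapsearchfilter="(&(uid=$username)(memberOf=cn=pgsqlsandbox,'
    'cn=groups,cn=accounts,dc=example,dc=com))"')

if __name__ == "__main__":
    for sample in (FAILING, SEARCH_AND_BIND):
        print(lint_ldap_line(sample) or "ok")
```

`ldapbindpasswd` is stored in pg_hba.conf in plaintext, so the file's ownership and permissions matter once a search+bind line is in place.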
