Re: Configuring LDAP in the pg_hba.conf file

On Fri, Jan 27, 2017 at 12:19 PM, John Scalia <jayknowsunix(at)gmail(dot)com>
wrote:

> Hi all,
>
> I've been slowly going nuts with trying to get LDAP authentication
> working. The following edited ldapsearch string works exactly as I need it:
>
> ldapsearch -h ldap.example.com -b "dc=example,dc=com" -D
> "uid=pgsqlldap,cn=users,cn=accounts,dc=example,dc=com"
> "(&(uid=myuid)(memberOf=cn=pgsqlsandbox,cn=groups,cn=accounts,dc=example,dc=com))"
> -w current_password
>
> but I can't seem to translate this into any form that will work in the
> pg_hba.conf file. I've tried setting the various parameters separately like
> ldapbinddn, ldapbindpasswd, etc., and I've tried setting ldap_prefix,
> ldap_suffix, etc., and I've also tried to set ldapurl, but something always
> seems broken.
>
> Can anyone suggest a proper format for the pg_hba.conf line? I seem to be
> hung up on getting the search filter correct and I'd like to have
> postgresql substitute the user's id rather than hard coding one in here.
>
> Thanks in advance,
>

I always get hung up here too. The last time I did it, I used (in
pg_hba.conf). I haven't used this in about 2 years so, I may be off, but
hopefully this helps....

ldap "ldap://192.168.1.1/ou=People,dc=example,dc=com;*uid=*
<http://10.20.10.7/ou=People,dc=openscg,dc=com;uid=>*;*,ou=
People,dc=example,dc=com"

( Notice the 'uid=;' )

--Scott

Jay
>

--
--
Scott Mead
Sr. Architect
*OpenSCG <http://openscg.com>*
http://openscg.com