From: | Scott Mead <scottm(at)openscg(dot)com> |
---|---|
To: | John Scalia <jayknowsunix(at)gmail(dot)com> |
Cc: | "pgsql-admin(at)postgresql(dot)org" <pgsql-admin(at)postgresql(dot)org> |
Subject: | Re: Configuring LDAP in the pg_hba.conf file |
Date: | 2017-01-27 17:33:17 |
Message-ID: | CAKq0gvLaPb+nFvd+R9PJGEJWxnLKzj3e4UpY9YhBjgMJmOtu5w@mail.gmail.com |
Lists: | pgsql-admin |
On Fri, Jan 27, 2017 at 12:19 PM, John Scalia <jayknowsunix(at)gmail(dot)com>
wrote:
> Hi all,
>
> I've been slowly going nuts with trying to get LDAP authentication
> working. The following edited ldapsearch string works exactly as I need it:
>
> ldapsearch -h ldap.example.com -b "dc=example,dc=com" -D
> "uid=pgsqlldap,cn=users,cn=accounts,dc=example,dc=com"
> "(&(uid=myuid)(memberOf=cn=pgsqlsandbox,cn=groups,cn=accounts,dc=example,dc=com))"
> -w current_password
>
> but I can't seem to translate this into any form that will work in the
> pg_hba.conf file. I've tried setting the various parameters separately like
> ldapbinddn, ldapbindpasswd, etc., and I've tried setting ldap_prefix,
> ldap_suffix, etc., and I've also tried to set ldapurl, but something always
> seems broken.
>
> Can anyone suggest a proper format for the pg_hba.conf line? I seem to be
> hung up on getting the search filter correct and I'd like to have
> postgresql substitute the user's id rather than hard coding one in here.
>
> Thanks in advance,
>
I always get hung up here too. The last time I did it, I used (in
pg_hba.conf). I haven't used this in about 2 years, so I may be off, but
hopefully this helps...
ldap "ldap://192.168.1.1/ou=People,dc=example,dc=com;uid=;,ou=People,dc=example,dc=com"
( Notice the 'uid=;' )
--Scott
> Jay
>
--
Scott Mead
Sr. Architect
*OpenSCG <http://openscg.com>*
http://openscg.com
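
The ldapsearch command from the question, written as pg_hba.conf entries; this is an added example, not part of either message. It assumes PostgreSQL 11 or later (where `ldapsearchfilter` is available); the address range, the `change_me` password and the simple-bind suffix are placeholders or assumptions.

```conf
# Added example, not from the thread. Assumes PostgreSQL 11+.
# 10.0.0.0/8 and "change_me" are placeholders. Each entry must stay on one line.
# TYPE    DATABASE  USER  ADDRESS      METHOD  OPTIONS

# Simple bind (prefix + role name + suffix). It cannot express the memberOf
# restriction, so it is left commented out. The suffix assumes user entries
# live under cn=users,cn=accounts like the bind account does.
#hostssl  all  all  10.0.0.0/8  ldap  ldapserver=ldap.example.com ldaptls=1 ldapprefix="uid=" ldapsuffix=",cn=users,cn=accounts,dc=example,dc=com"

# Search+bind. The server binds as the service account, searches with the
# filter ($username is replaced by the connecting role name), then re-binds
# as the DN it found using the password the client sent.
# hostssl: the client sends its password to PostgreSQL in clear text under
#          LDAP authentication, so require TLS on the client connection.
# ldaptls=1: StartTLS between PostgreSQL and the directory server.
# ldapbindpasswd is stored in plain text; keep pg_hba.conf readable only by
# the postgres OS user.
hostssl  all  all  10.0.0.0/8  ldap  ldapserver=ldap.example.com ldaptls=1 ldapbasedn="dc=example,dc=com" ldapbinddn="uid=pgsqlldap,cn=users,cn=accounts,dc=example,dc=com" ldapbindpasswd="change_me" ldapsearchfilter="(&(uid=$username)(memberOf=cn=pgsqlsandbox,cn=groups,cn=accounts,dc=example,dc=com))"
```

Simple-bind options (`ldapprefix`, `ldapsuffix`) and search+bind options cannot be mixed on one line, and the database role must already exist because LDAP only verifies the password.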