Michael O'Donnell
2012-08-08 02:07:25 UTC
Hello,
I am trying to authenticate PostgreSQL 9.0 login roles against LDAP/Active
Directory (AD). PostgreSQL 9.0 is installed on a Windows 2008 R2 64-bit. My
pg_hba.conf setting looks like the following:
host <db> <user> samenet ldap ldapserver=<server.domain.net.com>
ldapprefix="DOMAIN\"
I am populating the <db>, <user>, <server.domain.net.com>, and DOMAIN with
real values.
When I use the following psql command I get an error:
C:\Windows\System32>psql -d <db> -U <user> -W
Password for user <user>:
psql: FATAL: password authentication failed for user "<user>"
I have added the <user> to the login role and the user exists in AD.
If I use psycopg2 (a Python module that is commonly used for PostgreSQL
interaction), I can actually connect to the database using the settings
specified in the pg_hba.conf file shown above. If I use a false username,
the script fails. Therefore the script is behaving as I would expect, but
I am confused why psql is behaving differently.
Questions:
1. Does my pg_hba.conf setting seem correct?
2. If my pg_hba.conf setup is correct, why is psql failing (does not fail
using a second user specified in db that authenticates with password)? I
also tried specifying ldapport, but this was causing a failure in postgres
reading the conf. I am able to use the same command on different databases
and for different users and this works.
3. Is the transfer of the password automatically encrypted? I read in a
blog that using LDAP does not encrypt and I need to use SSL. I tried using
ldaptls=1 but this was causing a failure in postgres reading the conf.
4. There is some documentation I have found online on how to set this up
but most of the examples/blogs were not helping me to work through this.
Thank you for any help you can provide.
mike
- - - - - - - - - - - - - - - - - - - - - - - - - -
Michael O'Donnell
Phone: 970.226.9407
Fax: 970.226.9230
Email: ***@usgs.gov
United States Geological Survey/BRD
Fort Collins Science Center
2150 Centre Ave., Bldg C
Fort Collins, CO 80526
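
On the encryption question (3) in the post above, as an added example that is not part of the original message: with the ldap method the client sends the password to PostgreSQL in clear text unless that connection itself uses SSL, and ldaptls=1 only protects the PostgreSQL-to-LDAP-server leg. The Python script below checks a pg_hba.conf for both gaps; the sample file, its host and role names, and the audit_hba helper are constructed for illustration.

```python
import re

# Constructed sample pg_hba.conf; database, role and server names are placeholders.
SAMPLE_HBA = r'''
# TYPE   DATABASE USER  ADDRESS                   METHOD OPTIONS
host     appdb    alice samenet                   ldap ldapserver=dc1.example.net ldapprefix="EXAMPLE\"
hostssl  appdb    bob   samenet                   ldap ldapserver=dc1.example.net ldaptls=1 ldapprefix="EXAMPLE\"
host     appdb    carol 10.0.0.0/8                md5
host     appdb    dave  10.0.0.5 255.255.255.255  ldap ldapserver=dc1.example.net ldaptls=1
'''

CLIENT_LEG = "client-to-PostgreSQL leg may be unencrypted: rule is not hostssl"
LDAP_LEG = "PostgreSQL-to-LDAP leg is unencrypted: ldaptls=1 not set"

# A field is a run of non-space characters and/or double-quoted strings.
TOKEN = re.compile(r'(?:[^\s"]|"[^"]*")+')
# A separate netmask field (IPv4 or IPv6) may follow the address.
NETMASK = re.compile(r'^[0-9a-fA-F.:]+$')


def audit_hba(text):
    """Return (line_number, finding) pairs for ldap rules that expose the password."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        fields = TOKEN.findall(line)
        if not fields or line.startswith('#'):
            continue
        kind = fields[0]
        if kind == 'local':
            method_at = 3  # local rules have no address field
        else:
            method_at = 5 if len(fields) > 5 and NETMASK.match(fields[4]) else 4
        if len(fields) <= method_at or fields[method_at] != 'ldap':
            continue
        options = dict(f.split('=', 1) for f in fields[method_at + 1:] if '=' in f)
        # "host" matches SSL and non-SSL connections alike; only "hostssl" requires SSL.
        if kind not in ('local', 'hostssl'):
            findings.append((lineno, CLIENT_LEG))
        # Only the ldaptls option named in the post is checked here.
        if options.get('ldaptls', '').strip('"') != '1':
            findings.append((lineno, LDAP_LEG))
    return findings


if __name__ == '__main__':
    for lineno, finding in audit_hba(SAMPLE_HBA):
        print(f'line {lineno}: {finding}')
```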