Re: [GENERAL] LDAP authentication without OU in ldapbasedn

Simple bind mode works nicely. Thank you. From: Jeff Janes [mailto:jeff.ja...@gmail.com] Sent: 14 July 2017 03:55 To: Gregory Nicol Cc: pgsql-general@postgresql.org Subject: Re: [GENERAL] LDAP authentication without OU in ldapbasedn On Thu, Jul 13, 2017 at 2:46 AM, Gregory Nicol

Re: [GENERAL] LDAP authentication without OU in ldapbasedn

On Thu, Jul 13, 2017 at 2:46 AM, Gregory Nicol wrote: > Good morning all, > > > > I can’t seem to get LDAP Authentication working without an OU in the > ldapbasedn. My users are spread across multiple OUs without a common root > OU which is why I’m trying to authenticate with just the DC. > > Ha

Re: [GENERAL] LDAP authentication without OU in ldapbasedn

Greetings, * Gregory Nicol (gregory.ni...@medbank.com.mt) wrote: > I can't seem to get LDAP Authentication working without an OU in the > ldapbasedn. My users are spread across multiple OUs without a common root OU > which is why I'm trying to authenticate with just the DC. As it looks like you

Re: [GENERAL] LDAP Authentication

W dniu 23.04.2015 o 00:06, John R Pierce pisze: On 4/22/2015 2:57 PM, Joseph Kregloh wrote: I see. That would still require a manual process to create the user on each server. I was planing on using some already existing scripts to create the user automatically on all servers and then LDAP

Re: [GENERAL] LDAP Authentication

On 4/22/2015 2:57 PM, Joseph Kregloh wrote: I see. That would still require a manual process to create the user on each server. I was planing on using some already existing scripts to create the user automatically on all servers and then LDAP would authorize depending on attributes in their

Re: [GENERAL] LDAP Authentication

On Wed, Apr 22, 2015 at 5:30 PM, John R Pierce wrote: > On 4/22/2015 11:37 AM, Joseph Kregloh wrote: > >> I have successfully setup LDAP and setup simple authentication using >> simple bind. This was my test case. Now I need to move to the next lever >> which would be search and bind. This will a

Re: [GENERAL] LDAP Authentication

On 4/22/2015 11:37 AM, Joseph Kregloh wrote: I have successfully setup LDAP and setup simple authentication using simple bind. This was my test case. Now I need to move to the next lever which would be search and bind. This will allow me to grant access to particular servers for some people. I

Re: [GENERAL] LDAP authentication not working

> Original Message > Subject: Re: [GENERAL] LDAP authentication not working > Resent-From: > Date: Wed, 14 May 2014 06:47:45 -1000 > From: Stephan Fabel > To: Magnus Hagander > CC: Postgres List , Jürgen Fuchsberger > >

Re: [GENERAL] LDAP authentication not working

On May 14, 2014 12:56 AM, "Magnus Hagander" wrote: > > On Wed, May 14, 2014 at 11:48 AM, Jürgen Fuchsberger < juergen.fuchsber...@uni-graz.at> wrote: >> >> >> >> On 05/14/2014 09:10 AM, Magnus Hagander wrote: >> > On Wed, May 14, 2014 at 8:35 AM, Stephan Fabel > > > wrote

Re: [GENERAL] LDAP authentication not working

On Wed, May 14, 2014 at 11:48 AM, Jürgen Fuchsberger < juergen.fuchsber...@uni-graz.at> wrote: > > > On 05/14/2014 09:10 AM, Magnus Hagander wrote: > > On Wed, May 14, 2014 at 8:35 AM, Stephan Fabel > > wrote: > > > > I don't think SSL support for LDAP is supported.

Re: [GENERAL] LDAP authentication not working

On Wed, May 14, 2014 at 8:35 AM, Stephan Fabel wrote: > I don't think SSL support for LDAP is supported. Have you tried TLS on > port 389? > Correct, and you need to set ldaptls=1 to use that as well. (And yes, unfortunately the LDAP error messages from openldap are notoriously bad) //Magnus

Re: [GENERAL] LDAP authentication not working

I don't think SSL support for LDAP is supported. Have you tried TLS on port 389? On May 13, 2014 8:20 PM, "Jürgen Fuchsberger" < juergen.fuchsber...@uni-graz.at> wrote: > Hi, > > I'm running postgresql 9.1 on Debian and am trying to set up LDAP > authentication using the following configuration in

Re: [GENERAL] LDAP referrals

On Wed, Jun 26, 2013 at 3:47 AM, James Sewell wrote: > Hello All, > > Is there a way to disable chasing LDAP referrals in PostgreSQL? > There is not, at this point. It would probably be fairly trivial to add a pg_hba parameter to turn it off (since it's, AFAIK, just a call to ldap_set_option), bu

Re: [GENERAL] LDAP authentication timing out

Hey, Thanks for the reply Magnus. I'm getting some packet captures now - I just thought I'd throw this out there in case anyone else had faced similar problems. This is EDB PPAS, I'm following up with them in parallel. Cheers, James Sewell James Sewell Solutions Architect _

Re: [GENERAL] LDAP authentication timing out

On Thu, Jun 20, 2013 at 7:24 AM, James Sewell wrote: > Hello All, > > I have the following config: > > hostsamerole+myrole samenetldap > ldapserver="ldap1,ldap2,ldap3" ldapbinddn="mybinddn" > ldapbindpasswd="mypass" ldapbasedn="mybase" ldapsearchattribute="myatt" >

Re: [GENERAL] ldap authentication multiple ou objects

On 02/24/2011 12:51 AM, Michael Black wrote: Look at the "Search Filters" and "LDAP URL" sections of http://quark.humbug.org.au/publications/ldap/ldap_tut.html . There are some samples of "wildcard" filters there. I tried a number of possibilities for the ldap url based on the LDAP URL section

Re: [GENERAL] ldap authentication multiple ou objects

On 02/23/2011 10:27 PM, Magnus Hagander wrote: On Wed, Feb 23, 2011 at 11:43, Sim Zacks wrote: Is there a way to do ldap authentication in pg_hba on a structure that has multiple ou objects? Lets say I have an ou=Users and then an ou per dept. I want the ldap to do authentication no matter w

Re: [GENERAL] LDAP: Auto user creation and role membership

On Wed, May 5, 2010 at 22:49, Daniel Scott wrote: > Hi, > > I have Postgres 8.4.3 running with gss authentication against Fedora's > FreeIPA (Integrated Kerberos, LDAP and some other services). > > I would like to auto-create users and auto-map postgres roles with > users and groups within the Fre

Re: [GENERAL] LDAP Login Problem

Thanks Magnus. I should have mentioned I'm using OpenLDAP 2.2. I guess I'll just have to wait for Postgres 9 and workaround it in the meantime. It's not an insurmountable issue... Regards, Tom Robst -- On 03/03/10 15:18, Magnus Hagander wrote: 2010/3/3 Tom Robst: Hi, I am having a problem w

Re: [GENERAL] LDAP Login Problem

2010/3/3 Tom Robst : > Hi, > > I am having a problem with authentication using LDAP on PostgreSQL 8.4.2. > > The problem seems to be limited to which attribute is specified in the > ldapprefix. If I specify "uid=" and then try login using the username > "trobst" (which is the value in the ldap db

Re: [GENERAL] LDAP configuration changes in 8.4?

--- On Tue, 8/12/09, Magnus Hagander wrote: > > ldapserver="notts.net.mycompany.com" > > exclude the ldap:// part, and the base dn part. > Excellent, that did the trick. Thanks. Glyn -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscripti

Re: [GENERAL] LDAP configuration changes in 8.4?

2009/12/8 Glyn Astill : > Hi Chaps, > > I'm setting up a new server on 8.4, and I'm struggling to get LDAP > authentication working, even though I've got it working fine on 8.3. > > This is the format I'm using in 8.3: > > ldap "ldap://notts.net.mycompany.com/My Company/Call Centre > Users;CN=;,O

Re: [GENERAL] LDAP Configuration for Postgres authenticating against AD

On 5 Aug 2009, at 3:41, Richard Esmonde wrote: Currently, the end of my pg_hba.conf file looks like: host all all 10.5.5.0 255.255.255.0 ldap "ldap:// master1. belfry.lan:389/ou=Belfry Users,ou=programmers;dc=belfry,dc=lan;cn=*;

Re: [GENERAL] LDAP using Active Directory

On Wed, Aug 5, 2009 at 18:47, Michael Gould wrote: > > I am wondering how others handle the login situation.  We use Active > Directory and require our users to change their passwords every 30 days. > Currently in our old system using SQL Anywhere we use the integrated login > feature.  Our db serv

Re: [GENERAL] LDAP Configuration for Postgres authenticating against AD

On Aug 4, 2009, at 6:41 PM, Richard Esmonde wrote: Hi, I’m new to PostGres (so go easy on my naivety). I am trying to configure the postgres host based configuration file to permit users to authenticate against our Active Directory. Needless to say both Ubuntu server and AD are in the sa

Re: [GENERAL] LDAP Configuration for Postgres authenticating against AD

On Tue, 2009-08-04 at 21:41 -0400, Richard Esmonde wrote: > Three days into this I am none the wiser - I’m exhausting Google > servers. Can anyone tell me what I have forgotten to do or have > overlooked in getting this setup correctly? To my mind it’s behaving > as though it’s not honoring anyt

Re: [GENERAL] LDAP Configuration for Postgres authenticating against AD

On Tuesday 04 August 2009 19:41:57 Richard Esmonde wrote: > Hi, > > > > I'm new to PostGres (so go easy on my naivety). I am trying to configure > the postgres host based configuration file to permit users to authenticate > against our Active Directory. > > Needless to say both Ubuntu server and A

Re: [GENERAL] LDAP

Taha Ozket wrote: > Hi, > > I am using ldap for client authentication. I add a line to pg_hba.conf like > this > > host allall192.168.1.104 255.255.255.0ldap > "ldap://ldapserver:389/dc=domain,dc=com,dc=tr;;,sn=;?sub?(objectclass=*)" > > but It doesnt work. I dont want to use th

Re: [GENERAL] LDAP Authentication

2008-07-03_21:17:50-0400 Ron Peterson <[EMAIL PROTECTED]>: > 2008-06-29_09:44:01-0400 Taha Ozket <[EMAIL PROTECTED]>: > > > I have a ldap group, "pgsql-developers". I have an user (user1) member > > of this group; > > ... > > How can I change this line for give login permission to > > pgsql-develo

Re: [GENERAL] LDAP Authentication

2008-06-29_09:44:01-0400 Taha Ozket <[EMAIL PROTECTED]>: > I have a ldap group, "pgsql-developers". I have an user (user1) member > of this group; > ... > How can I change this line for give login permission to > pgsql-developers members? If you have pam available, you could do pam authentication

Re: [GENERAL] LDAP Authentication

On Sun, 2008-06-29 at 17:58 +0200, Magnus Hagander wrote: > This is not something you currently can do. We can only do LDAP > authentication, not authorization. There's no way to restrict it to a > particular group. We're very interested in this functionality (nss_ldap for PgSQL) -- so if there's

Re: [GENERAL] LDAP Authentication

Taha Ozket wrote: > Hi, > > I have a ldap group, "pgsql-developers". I have an user (user1) member > of this group; > > group > dn: cn=pgsql-developers,ou=Groups,o=Dep,dc=x,dc=x,dc=x > objectClass: groupOfUniqueNames > objectClass: top > cn: SVN Committers > uniqueMember: uid=user1,ou=Users,o=Dep

Re: [GENERAL] ldap authentication allows logon with blank password

After some investigation into Open LDAP I discovered that a post that states: "A bind with a DN but with an empty password is equivalent to an anonymous bind, while a bind with a DN and with a wrong password is not;" So could this cause a blank password to allow access to the database as the LDAP

Re: [GENERAL] ldap authentication allows logon with blank password

Here is the log output when I try different passwords: When I enter an incorrect password I get the following: [unknown] [unknown] 2007-12-05 13:55:29 CST LOG: connection received: host=111.111.111.111 port=1791 user test_db 111.111.111.111 2007-12-05 13:55:29 CST DEBUG: received password pack

Re: [GENERAL] LDAP service lookup

Dawid Kuroczko wrote: > [...] and it also would be valuable to > add into pg_service.conf.sample an example ldap:// stanza, so if > person opens the file, she will be enlightened. I like that idea. > And a missing feature. Or rather treat it as feature request. :-) > A "wildcard entry". I would

Re: [GENERAL] LDAP service lookup

On 8/27/07, Albe Laurenz <[EMAIL PROTECTED]> wrote: > Dawid Kuroczko wrote: > >>> Then again, apart from libpq I don't see it mentioned anywhere. > [...] > > Looking at the 8.3devel documentation... > > > > I think it should be mentioned in 18. Server Configuration. probably > > somewhere in 18.3 C

Re: [GENERAL] LDAP service lookup

Dawid Kuroczko wrote: >>> Then again, apart from libpq I don't see it mentioned anywhere. [...] > Looking at the 8.3devel documentation... > > I think it should be mentioned in 18. Server Configuration. probably > somewhere in 18.3 Connections and Authentication, that there is > a possibility of u

Re: [GENERAL] LDAP service lookup

On 8/27/07, Albe Laurenz <[EMAIL PROTECTED]> wrote: > > it could be used as an advocacy lever ("you think LDAP directory with > > DB-services > > is neat? PostgreSQL already has it"). > I'm glad that *somebody* else appreciates it :^) Oh, I do, I do. :) > > Then again, apart from libpq I don't s

Re: [GENERAL] LDAP service lookup

> I've just accidently stumbled upon > http://www.postgresql.org/docs/8.2/static/libpq-ldap.html > and thought "hey, this is what my friend, a huge BigRDBMS fan, was > telling me about. > > Now that I've read it, I think it could be very useful in an > enterpisish sort of way > (addressing databas

Re: [GENERAL] ldap auth problem

On 1/2/07, Ing. Dan Horáček <[EMAIL PROTECTED]> wrote: Hi, I've just installed postgres 8.2.0-1 for win32 and wanted to try out the built-in LDAP support(with Openldap and Novell eDirectory). The following LDAP authentication was added to "pg_hba.conf" : Openldap: host all al

Re: [GENERAL] LDAP configuration problem

> > The rpms for Fedora 6 from www.postgresql.com don't seem to have the > LDAP support built-in, it shows that Hmmm... that isn't good. Although, do we want to -require- ldap? Joshua D. Drake > > invalid entry in file "/pub/pgsql/data/pg_hba.conf" at line 79, token > "ldap" > > But afte

Re: [GENERAL] LDAP configuration problem

Magnus, You are absolutely correct. Sorry that I didn't see the last line since GMAIL hid it for me. The rpms for Fedora 6 from www.postgresql.com don't seem to have the LDAP support built-in, it shows that invalid entry in file "/pub/pgsql/data/pg_hba.conf" at line 79, token "ldap" But after

Re: [GENERAL] LDAP configuration problem

Wenjian Yang wrote: > > Sorry, below are the lines in the log file: > > LOG: invalid entry in file "/pub/pgsql/data/pg_hba.conf" at line 78, > token "ldap://dc.domain.com/dc=domain^Adc=com;DOMAIN\"; > FATAL: missing or erroneous pg_hba.conf file > HINT: See server log for details. > > And the

Re: [GENERAL] LDAP configuration problem

Sorry, below are the lines in the log file: LOG: invalid entry in file "/pub/pgsql/data/pg_hba.conf" at line 78, token "ldap://dc.domain.com/dc=domain^Adc=com;DOMAIN\"; FATAL: missing or erroneous pg_hba.conf file HINT: See server log for details. And the pg_hba.conf line 78, is host all a

Re: [GENERAL] LDAP configuration problem

Wenjian Yang wrote: > Hi, > > I've just installed 8.2.0 from rpms on FC6 i386 and wanted to try out > the built-in LDAP support. > > The following LDAP authentication was added to "pg_hba.conf" > > host all all 0.0.0.0 0.0.0.0 > ldap://dc.domain.com/dc=doma

Re: [GENERAL] LDAP authentication

Em Sexta 26 Maio 2006 12:55, codeWarrior escreveu: > May I suggest you take a look at www.openldap.org and the following: > http://www.samse.fr/GPL/ldap_pg/HOWTO/ This looks like the opposite: the HOWTO above is for LDAP using PostgreSQL as backend not PostgreSQL using LDAP to authenticate. --

Re: [GENERAL] LDAP authentication

On Fri, 2006-05-26 at 10:55, codeWarrior wrote: > May I suggest you take a look at www.openldap.org and the following: > http://www.samse.fr/GPL/ldap_pg/HOWTO/ Note that that's more about backing LDAP with PostgreSQL, not the other way around. still a good faq though ---

Re: [GENERAL] LDAP authentication

May I suggest you take a look at www.openldap.org and the following: http://www.samse.fr/GPL/ldap_pg/HOWTO/ <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hello, > > I saw many messages about ldap authentication but I´m still not sure if > PostgreSQL can use it? > > Can I use it?

Re: [GENERAL] LDAP authentication

[EMAIL PROTECTED] wrote: Hello, I saw many messages about ldap authentication but I´m still not sure if PostgreSQL can use it? Are you using windows or unix? On unix, postgresql can use pam (pluggable authentication modules) for authentication. There are pam modules for about any authenticatio