Re: [Auth] "ident" method and LDAP user accounts

Stephane Bortzmeyer wrote:
> All the user accounts, including mine, are in a LDAP database. Thanks
> to NSS (Name Service Switch) all applications have access to the LDAP
> accounts (getpwuid(3) and getpwnam(3) use LDAP). But not PostgreSQL.
I did similar setups and both gentoo and debian/sarge, and this was
never a problem.

Might it be that the postgres user is not allowed to read /etc/ldap.conf
- or however your nss_ldap config file is called? I'd try su-ing to the
postgres user, and check if everything (ls -l /home, ... - you get the
idea) works as expected.

> When I connect locally (Linux as SO_PEERCRED so the ident daemon is
> not used) with the "ident" method, I get rejected.
>
> If I create an ident map to map the numeric UID to my name, it works:
>
> # MAPNAME     IDENT-USERNAME    PG-USERNAME
> ldapuser      1000              bortzmeyer
If all else fails, you could create this via a shellscript from your
ldap database - but of course thats ugly...

greetings, Florian Pflug