Re: LDAP Configuration for Postgres authenticating against AD

On Aug 4, 2009, at 6:41 PM, Richard Esmonde wrote:

> Hi,
>
> I’m new to PostGres (so go easy on my naivety).  I am trying to
> configure the postgres host based configuration file to permit users
> to authenticate against our Active Directory.
> Needless to say both Ubuntu server and AD are in the same Domain.
>
> ·         I am running PostGRESQL v8.3.7 on a 64-Bit Ubuntu Hardy
> Heron Dell server with Apache 2.
> ·         I am not running SSL.
> ·         This work is happening on a LAN.  My AD server=master1 and
> the LAN=belfry.lan
> ·         I installed Postgres as follow:
> o   # sudo apt-get install postgresql-8.3 postgresql-client-8.3
> postgresql-client-common postgresql-common
>
> It runs just fine and I can create databases users and tables with
> no problems.
>
> Currently, the end of my pg_hba.conf file looks like:
> ============================================
> # IPv4 local connections:
> host    all         all         127.0.0.1/32          md5
> host    all     all     10.5.5.0 255.255.255.0  password

This is the line that will take effect for any connection from
10.5.5.0/24.

>
> # IPv6 local connections:
> host    all         all         ::1/128               md5
>
> # Remote TCP/IP connection
> #host   all     postgres        127.0.0.1/32    password
> # host  all     all             10.5.5.0/16    ldap "ldap://master1:389/dc=belfry,dc=lan;BELFRY
> \"
> # host  all     all             10.5.5.0 255.255.255.0  ldap "ldap://master1:389/dc=belfry,dc=lan;BELFRY
> \"
>
> host  all     all             10.5.5.0 255.255.255.0   ldap "ldap://master1
> . belfry.lan:389/ou=Belfry
> Users,ou=programmers;dc=belfry,dc=lan;cn=*;BELFRY\"

Anything that might match this will already have matched the line
above (and had a password challenge), so this line will never be used.

Cheers,
   Steve