Hello,
I am trying to authenticate PostgreSQL 9.0 login roles against LDAP/Active Directory (AD). PostgreSQL 9.0 is installed on Windows 2008 R2 64-bit. My pg_hba.conf setting looks like the following:

    host <db> <user> samenet ldap ldapserver=<server.domain.net.com> ldapprefix="DOMAIN\"

I am populating the <db>, <user>, <server.domain.net.com>, and DOMAIN with real values.

When I use the following psql command I get an error:

    C:\Windows\System32>psql -d <db> -U <user> -W
    Password for user <user>:
    psql: FATAL: password authentication failed for user "<user>"

I have added the <user> to the login role and the user exists in AD.

If I use psycopg2 (a Python module that is commonly used for PostgreSQL interaction), I can actually connect to the database using the settings specified in the pg_hba.conf file shown above. If I use a false username, the script fails. Therefore the script is behaving as I would expect, but I am confused why psql is behaving differently.

Questions:

1. Does my pg_hba.conf setting seem correct?

2. If my pg_hba.conf setup is correct, why is psql failing (does not fail using a second user specified in db that authenticates with password)? I also tried specifying ldapport, but this was causing a failure in postgres reading the conf. I am able to use the same command on different databases and for different users and this works.

3. Is the transfer of the password automatically encrypted? I read in a blog that using LDAP does not encrypt and I need to use SSL. I tried using ldaptls=1 but this was causing a failure in postgres reading the conf.

4. There is some documentation I have found online on how to set this up but most of the examples/blogs were not helping me to work through this.

Thank you for any help you can provide.

mike
- - - - - - - - - - - - - - - - - - - - - - - - - -
Michael O'Donnell
Phone: 970.226.9407
Fax: 970.226.9230
Email: odonnellm@xxxxxxxx
United States Geological Survey/BRD
Fort Collins Science Center
2150 Centre Ave., Bldg C
Fort Collins, CO 80526
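
Added example, not part of the original message: with the ldap method the client sends the password to PostgreSQL in clear text unless the session itself uses SSL, and PostgreSQL's bind to the LDAP server is unencrypted unless ldaptls=1 is set. The Python sketch below audits pg_hba.conf records for both paths; the tokenizer is a simplified version of the server's field splitting, and the sample records, database, user and server names are constructed placeholders.

```python
# Constructed sample records; appdb, alice and ldap.example.test are placeholders.
SAMPLE = r'''
# constructed records, not taken from any real system
host    appdb alice samenet ldap ldapserver=ldap.example.test ldapprefix="EXAMPLE\"
hostssl appdb alice samenet ldap ldapserver=ldap.example.test ldaptls=1 ldapprefix="EXAMPLE\"
host    appdb bob   samenet md5
'''

def tokenize(line):
    # Simplified pg_hba.conf splitting: whitespace separates fields, double
    # quotes group text, '#' outside quotes starts a comment, and a backslash
    # is an ordinary character (it does not escape the closing quote).
    fields, cur, quoted, started = [], [], False, False
    for ch in line:
        if ch == '"':
            quoted, started = not quoted, True
        elif ch == "#" and not quoted:
            break
        elif ch.isspace() and not quoted:
            if started:
                fields.append("".join(cur))
            cur, started = [], False
        else:
            cur.append(ch)
            started = True
    if started:
        fields.append("".join(cur))
    return fields

def audit_record(line):
    f = tokenize(line)
    if len(f) < 5 or f[0] not in ("host", "hostssl", "hostnossl"):
        return []
    # The method follows the address, which takes one field (CIDR, samenet)
    # or two (IP address plus netmask).
    if "ldap" not in f[4:6]:
        return []
    opts = dict(o.partition("=")[::2] for o in f[f.index("ldap", 4) + 1:])
    findings = []
    if f[0] != "hostssl":          # record also matches non-SSL client sessions
        findings.append("client-cleartext")
    if opts.get("ldaptls") != "1":  # no StartTLS on the PostgreSQL-to-LDAP bind
        findings.append("ldap-cleartext")
    return findings

def audit(text):
    # Map line number -> findings for every LDAP record that has any.
    result = {n: audit_record(l) for n, l in enumerate(text.splitlines(), 1)}
    return {n: found for n, found in result.items() if found}

if __name__ == "__main__":
    for lineno, found in audit(SAMPLE).items():
        print(lineno, ", ".join(found))
```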