Re: Postgresql gss user map doesn't work


 



Thanks Scott. I think this is what pg_ident.conf does, right?
In pg_ident.conf, I specify the mapping rule to map the xxx@xxxxxxxxxxx username to the pg user name company_com_xxx.

# MAPNAME       SYSTEM-USERNAME         PG-USERNAME
mymap               /^(.*)@COMPANY\.COM$    company_com_\1

The PostgreSQL documentation has an example which is similar to mine, but it is not for gss authentication:
mymap   /^(.*)@mydomain\.com$      \1
mymap   /^(.*)@otherdomain\.com$   guest
I am not sure why I am not able to map my credential to other db users. Thanks

James





From: scott@xxxxxxxxxxx
To: jamesxu@xxxxxxxxxxx; pgsql-admin@xxxxxxxxxxxxxx
Subject: Re: [ADMIN] Postgresql gss user map doesn't work
Date: Tue, 30 Jun 2015 21:56:54 +0000

Well, that's just going to be your underlying authentication method. Say you want to authenticate via LDAP using ADS. Well, you have 2 basic choices. "My name@mydomain.whatever.internal.local" Probably .local. You're just asking PG to auth against "something else." You have to configure that in the underlying OS/directory store.

-------- Original message --------
From: xujian <jamesxu@xxxxxxxxxxx>
Date: 06/30/2015 4:40 PM (GMT-06:00)
To: pgsql-admin@xxxxxxxxxxxxxx
Subject: Re: [ADMIN] Postgresql gss user map doesn't work

It looks like I need to specify the mapping user name in the command. For instance, if my credential is xxx and I want to log in as user company_com_xxx, I have to run a command like

/psql -d dbname -h postgresql.server.name -U company_com_xxx

But why do I need to specify the mapping user name company_com_xxx on the command line?
Does anyone have the same issue? Thanks

James



From: jamesxu@xxxxxxxxxxx
To: pgsql-admin@xxxxxxxxxxxxxx
Subject: Postgresql gss user map doesn't work
Date: Tue, 30 Jun 2015 12:56:47 -0400

Hello,
I have a problem when I am using a gss map. I want to map the user xxx@xxxxxxxxxxx to the db role company_com_xxx.
Here is my pg_hba.conf:
=================
# TYPE  DATABASE        USER            ADDRESS                 METHOD
host      all                      all                all                             gss include_realm=1 map=mymap

Here is the pg_ident.conf:
=================
# MAPNAME       SYSTEM-USERNAME         PG-USERNAME
mymap        /(.*)@COMPANY.COM              company_com_\1

However, it doesn't work; I got this error message:
=================
LOG:  no match in usermap "mymap" for user "xxx" authenticated as "xxx@xxxxxxxxxxx"
FATAL:  GSSAPI authentication failed for user "xxx"
DETAIL:  Connection matched pg_hba.conf line 88: "host    all             all       all                  gss include_realm=1 map=mymap"


But if I change the map to
=================
# MAPNAME       SYSTEM-USERNAME               PG-USERNAME
mymap               /(.*)@COMPANY.COM              \1

then I can log in. I have created the roles xxx and company_com_xxx on the db side. Even if I hard-code the username in the mapping like
=================
# MAPNAME       SYSTEM-USERNAME         PG-USERNAME
mymap        /(.*)@COMPANY.COM              company_com_xxx

it still doesn't work. Any idea?

Thanks in advance!

James



Journyx, Inc.
7600 Burnet Road #300
Austin, TX 78757
www.journyx.com

p 512.834.8888 
f 512-834-8858 
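
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not PostgreSQL's own code: a pg_ident.conf map is a permission check that pairs the authenticated system name with the database role the client requested, and it never rewrites the requested role. This Python model assumes Python's `re` as a stand-in for PostgreSQL's regex engine, case-sensitive comparison, and a constructed principal `alice@COMPANY.COM`.

```python
import re

# Constructed sample maps modelled on the pg_ident.conf lines in the thread.
PREFIXED_MAP = r"""
# MAPNAME  SYSTEM-USERNAME          PG-USERNAME
mymap      /^(.*)@COMPANY\.COM$     company_com_\1
"""
IDENTITY_MAP = r"""
mymap      /^(.*)@COMPANY\.COM$     \1
"""

def parse_ident(text):
    """Return (mapname, system_username, pg_username) tuples, skipping comments."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            mapname, system_user, pg_user = line.split()[:3]
            entries.append((mapname, system_user, pg_user))
    return entries

def map_allows(entries, mapname, authenticated, requested):
    """True if any entry pairs the authenticated name with the requested role."""
    for name, system_user, pg_user in entries:
        if name != mapname:
            continue
        if system_user.startswith("/"):
            # Regex entry: the text after the slash is matched against the
            # authenticated name (here principal plus realm, include_realm=1).
            m = re.search(system_user[1:], authenticated)
            if not m:
                continue
            if m.groups():
                # \1 in PG-USERNAME is replaced by the first capture group.
                pg_user = pg_user.replace(r"\1", m.group(1) or "")
        elif system_user != authenticated:
            continue
        # The mapped name is only compared with the requested role.
        if pg_user == requested:
            return True
    return False

if __name__ == "__main__":
    rules = parse_ident(PREFIXED_MAP)
    for role in ("alice", "company_com_alice"):
        print(role, map_allows(rules, "mymap", "alice@COMPANY.COM", role))
```

With the prefixed map, a client that requests the default role `alice` is rejected, while the same principal requesting `company_com_alice` is accepted. An entry with a fixed PG-USERNAME on the right-hand side would permit every principal the regex matches to connect as that one role.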
