Re: LDAP Search failing when i provide Multiple entry in pg_hba.conf


On Sun, Jun 23, 2019 at 12:00 PM Revana Siddu <revana.siddu@xxxxxxxxx> wrote:
> This is my pg_hba.conf. If I comment out one entry, users belonging to that basedn work. With 2 entries it is not working ... Please help with how to go about this
>
> host    all             all           clienthostip/32 ldap ldapserver=ldapserver.com ldapbasedn="OU=Users,OU=AP Region,DC=xx,DC=com"  ldapbinddn="cn=serviceID,ou=special accounts,ou=ISO,dc=xx,dc=com" ldapbindpasswd="xxxx" ldapsearchattribute="sAMAccountName"
> host    all             all           clienthostip/ldap ldapserver=ldapserver.com ldapbasedn="OU=Users,OU=ISO,DC=xx,DC=com" ldapbinddn="cn=serviceID,ou=special accounts,ou=ISO,dc=xx,dc=com" ldapbindpasswd="xxxxx" ldapsearchattribute="sAMAccountName"

I assume the second line is missing a few characters between
"clienthostip/" and "ldap".

The HBA system works using the first line that matches in the type,
database, user and address columns, and if that line rejects the user,
it doesn't try later lines[1].  That means you can't use multiple
lines to say 'this OR that'.

If you're on version 11, you could try to do this with one line using
ldapsearchfilter[2] instead of ldapsearchattribute.  Perhaps you could
set ldapbasedn="DC=xx,DC=com" (the common ancestor of both OUs), and
then you'd use something like
ldapsearchfilter="(&(sAMAccountName=$username)(|(...)(...)))",
where & and | are logical and and or operators understood by Active
Directory.  I don't know what syntax would be required for the (...)
parts on your set-up -- perhaps something like (memberOf=...) would be
involved, but Google finds lots of discussion of how to build a
search filter that searches more than one OU.  You can experiment with
the ldapsearch command-line tool.

[1] https://www.postgresql.org/docs/11/auth-pg-hba-conf.html
[2] https://www.postgresql.org/docs/11/auth-ldap.html

-- 
Thomas Munro
https://enterprisedb.com
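
The first-match behaviour described in the reply above, as an added example that is not part of the original message and is not PostgreSQL's own code: a small Python model that picks the line the server would use and lists later lines that an earlier line makes unreachable. It assumes only "host" records with a CIDR address and plain names or "all" in the database and user columns; 192.0.2.10 and 198.51.100.0/24 are constructed stand-ins for the poster's addresses.

```python
import ipaddress
import shlex

# Constructed sample modelled on the question; 192.0.2.10 stands in for clienthostip.
SAMPLE_HBA = """\
host all all 192.0.2.10/32 ldap ldapbasedn="OU=Users,OU=AP Region,DC=xx,DC=com"
host all all 192.0.2.10/32 ldap ldapbasedn="OU=Users,OU=ISO,DC=xx,DC=com"
host all all 198.51.100.0/24 ldap ldapbasedn="OU=Users,OU=ISO,DC=xx,DC=com"
"""

def parse_hba(text):
    """Parse 'host db user CIDR method [options]' records; other forms are skipped."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        f = shlex.split(line, comments=True)
        if len(f) < 5 or f[0] != "host":
            continue
        db, user = set(f[1].split(",")), set(f[2].split(","))
        net = ipaddress.ip_network(f[3], strict=False)
        rules.append({"line": lineno, "db": db, "user": user, "net": net, "options": f[5:]})
    return rules

def _covers(earlier, later):
    """True if the earlier name list matches everything the later one matches."""
    return "all" in earlier or ("all" not in later and later <= earlier)

def first_match(rules, db, user, client_ip):
    """Return the one rule used for this connection, or None if no line matches."""
    ip = ipaddress.ip_address(client_ip)
    for r in rules:
        if _covers(r["db"], {db}) and _covers(r["user"], {user}) and ip in r["net"]:
            return r  # selection stops here, whether or not authentication succeeds
    return None

def shadowed(rules):
    """Return (line, shadowing_line) pairs for rules that can never be selected."""
    out = []
    for i, later in enumerate(rules):
        for e in rules[:i]:
            if (e["net"].version == later["net"].version and later["net"].subnet_of(e["net"])
                    and _covers(e["db"], later["db"]) and _covers(e["user"], later["user"])):
                out.append((later["line"], e["line"]))
                break
    return out

if __name__ == "__main__":
    rules = parse_hba(SAMPLE_HBA)
    print("selected line:", first_match(rules, "appdb", "alice", "192.0.2.10")["line"])
    print("unreachable (line, shadowed by):", shadowed(rules))
```

Run against the sample, the second line is reported as shadowed by the first, which is why users under the second basedn are rejected while both entries are present.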





