On Tue, 2009-08-04 at 21:41 -0400, Richard Esmonde wrote: > Three days into this I am none the wiser - I’m exhausting Google > servers. Can anyone tell me what I have forgotten to do or have > overlooked in getting this setup correctly? To my mind it’s behaving > as though it’s not honoring anything I have put in the pg_hba.conf for > Remote TCP/IP connections. I have to be missing something super > simple….. a postgres-ldap add-on for Postgres on Ubuntu perhaps? On my Ubuntu 9.04 system `postmaster' links directly to libldap, and appears to support LDAP authentication. I don't see any additional auth modules in the respository. So, no, I doubt you need anything extra. Are you sure your posted pg_hba.conf was right? You had: host all all 10.5.5.0 255.255.255.0 password host all all 10.5.5.0 255.255.255.0 ldap "ldap://master1. belfry.lan:389/ou=Belfry Users,ou=programmers;dc=belfry,dc=lan;cn=*;BELFRY\" ... so you wouldn't even be trying LDAP authentication. Any user trying to connect to any DB from the 10.5.5.0/24 range would be expected to use password auth. The LDAP auth line can never match. Maybe instead of "all" users for password auth you wanted to (eg) only require password auth for the "postgres" user? If that's not the issue: Try watching for LDAP traffic with wireshark; see if there's any communication. Also, use `ldapsearch' from the host running Pg to query AD, make sure that works. -- Craig Ringer -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
