February 25th, 2013, 05:29 PM
LDAP prefix authentication with postgresql
I am new to using LDAP and trying to do some exploratory testing with postgresql and LDAP. I am having a hard time understanding the ldapprefix and suffix part.
I have been authenticating using the following entry to pg_hba.conf
local test1 jpowers ldap ldapserver=machine_name ldapprefix= firstname.lastname@example.org
This works fine. But I have not been able to completely understand or get a successful login with anything in the prefix line. I have been searching and all I was able to find out was below from documentation.
EXAMPLE FROM POSTGRES MANUAL
ldapserver=ldap.example.net ldapprefix="cn=" ldapsuffix=", dc=example, dc=net"
Based upon this I know from Active directory that my user listed the following.
CN=Jonathon Powers CN=users, DC=company, DC=com
with that information I have tried connecting with the following entries in pg_hba.conf with no luck.
local test1 jpowers ldap ldapserver=machine_name ldapprefix="cn=users" ldapsuffix=", dc=company, dc=com"
local test1 jpowers ldap ldapserver=machine_name ldapprefix="cn=Jonathon Powers" ldapsuffix=", dc=company, dc=com"
local test1 jpowers ldap ldapserver=machine_name ldapprefix="cn=" ldapsuffix=", dc=company, dc=com"
Does anyone know what I might be missing, or what I am doing wrong?
February 25th, 2013, 06:29 PM
Figured it out. I can have user powers in psql, and user jpowers in LDAP. I can connect to psql with user powers but have prefix "j" in the pg_hba.conf entry, so that it authenticates against LDAP with jpowers instead of powers.
Originally Posted by jpowers