磨砺技术珠矶,践行数据之道,追求卓越价值
回到上一级页面: PostgreSQL杂记页 回到顶级页面:PostgreSQL索引页
[作者 高健@博客园 luckyjackgao@gmail.com]
LDAP服务器的安装,参考此处:
http://www-06.ibm.com/jp/linux/tech/doc/attachments/openldap_install_v1.3.pdf#search='OpenLDAP'
而PostgreSQL中与LDAP相关的设置,可以参考:
https://secure.sqlmanager.net/en/articles/postgresql/654
在LDAP服务器端,建立一个用户user4,具体细节参考上述URL中的新用户登录一节,
建立用户user4时,使用的文件:
dn: uid=user4,ou=People,o=System Support,dc=my-domain,dc=com
uid: user4
cn: user4
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:
loginShell: /bin/bash
uidNumber: 503
gidNumber: 500
homeDirectory: /home/user4
还得使用slappasswd命令,个user4用户设置口令,然后把得到的加密口令拷贝到userPassword处。
然后使用ldapadd命令:
ldapadd -x -f useradd-list.ldif -D "cn=Manager,dc=my-domain,dc=com" -W
然后再查询看看:
[root@srv openldap]# ldapsearch -x -b "ou=People,o=System Support,dc=my-domain,dc=com"
# extended LDIF
#
# LDAPv3
# base <ou=People,o=System Support,dc=my-domain,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# People, System Support, my-domain.com
dn: ou=People,o=System Support,dc=my-domain,dc=com
objectClass: organizationalUnit
ou: People
# user4, People, System Support, my-domain.com
dn: uid=user4,ou=People,o=System Support,dc=my-domain,dc=com
uid: user4
cn: user4
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
loginShell: /bin/bash
uidNumber: 503
gidNumber: 500
homeDirectory: /home/user4
userPassword:: e2NyeXB0fSQxJC9kbjVRL2dPJHNkamdMZm1iRngxRnVFSXczNk9xeTE=
shadowLastChange: 15971
# search result
search: 2
result: 0 Success
# numResponses: 3
# numEntries: 2
[root@srv openldap]#
LDAP服务器端准备完毕后,在postgresql中,还要建立同名的用户user4:
postgres>create user user4 password '!qaz2wsx';
至于口令是否和前述的相同并不重要。
为了登录后有数据库供user4使用,还需要创建数据库:
postgres>create database user4 owner user4;
然后,在postgresql所在机器上,进行ldap相关设置:
为了更加简化此问题,暂时不采用pam相关的认证方式,而是只采用单纯的LDAP方式。
根据刚才的LDAP服务器上的查询,给postgresql中的pg_hba.conf文件进行配置:
-bash-3.2$ pwd
/opt/PostgreSQL/9.2
-bash-3.2$ cat ./data/pg_hba.conf
# PostgreSQL Client Authentication Configuration File
...
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all user4 ldap ldapserver=16.157.247.8 ldapprefix="uid=" ldapsuffix=",ou=People,o=System Support,dc=my-domain,dc=com"
#local all all md5
# IPv4 local connections:
#host all user4 pam postgresql
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication postgres md5
#host replication postgres 127.0.0.1/32 md5
#host replication postgres ::1/128 md5
-bash-3.2$
然后,验证登录过程:
-bash-3.2$ ./bin/psql -Uuser4
Password for user user4:
psql.bin (9.2.4)
Type "help" for help.
No entry for terminal type "xterm";
using dumb terminal settings.
user4=>
此时LDAP服务器的log中有如下信息:
Sep 24 13:19:54 srv slapd[2311]: conn=9 fd=12 ACCEPT from IP=16.157.245.74:44853 (IP=0.0.0.0:389)
Sep 24 13:19:54 srv slapd[2311]: conn=9 op=0 BIND dn="uid=user4,ou=People,o=System Support,dc=my-domain,dc=com" method=128
Sep 24 13:19:54 srv slapd[2311]: conn=9 op=0 BIND dn="uid=user4,ou=People,o=System Support,dc=my-domain,dc=com" mech=SIMPLE ssf=0
Sep 24 13:19:54 srv slapd[2311]: conn=9 op=0 RESULT tag=97 err=0 text=
Sep 24 13:19:54 srv slapd[2311]: conn=9 op=1 UNBIND
Sep 24 13:19:54 srv slapd[2311]: conn=9 fd=12 closed
登录成功
[作者 高健@博客园 luckyjackgao@gmail.com]
回到上一级页面:PostgreSQL基础知识与基本操作索引页 回到顶级页面:PostgreSQL索引页
磨砺技术珠矶,践行数据之道,追求卓越价值