磨砺技术珠矶,践行数据之道,追求卓越价值
回到上一级页面: PostgreSQL杂记页 回到顶级页面:PostgreSQL索引页
[作者 高健@博客园 luckyjackgao@gmail.com]
LDAP服务器的安装,参考此处:
http://www-06.ibm.com/jp/linux/tech/doc/attachments/openldap_install_v1.3.pdf#search=’OpenLDAP’
而PostgreSQL中与LDAP相关的设置,可以参考:
https://secure.sqlmanager.net/en/articles/postgresql/654
在LDAP服务器端,建立一个用户user4,具体细节参考上述URL中的新用户登录一节,
建立用户user4时,使用的文件:
dn: uid=user4,ou=People,o=System Support,dc=my-domain,dc=com uid: user4 cn: user4 objectClass: posixAccount objectClass: top objectClass: shadowAccount userPassword: loginShell: /bin/bash uidNumber: 503 gidNumber: 500 homeDirectory: /home/user4
还得使用slappasswd命令,个user4用户设置口令,然后把得到的加密口令拷贝到userPassword处。
然后使用ldapadd命令:
ldapadd -x -f useradd-list.ldif -D “cn=Manager,dc=my-domain,dc=com” -W
然后再查询看看:
[root@srv openldap]# ldapsearch -x -b "ou=People,o=System Support,dc=my-domain,dc=com" # extended LDIF # # LDAPv3 # base <ou=People,o=System Support,dc=my-domain,dc=com> with scope subtree # filter: (objectclass=*) # requesting: ALL # # People, System Support, my-domain.com dn: ou=People,o=System Support,dc=my-domain,dc=com objectClass: organizationalUnit ou: People # user4, People, System Support, my-domain.com dn: uid=user4,ou=People,o=System Support,dc=my-domain,dc=com uid: user4 cn: user4 objectClass: account objectClass: posixAccount objectClass: top objectClass: shadowAccount loginShell: /bin/bash uidNumber: 503 gidNumber: 500 homeDirectory: /home/user4 userPassword:: e2NyeXB0fSQxJC9kbjVRL2dPJHNkamdMZm1iRngxRnVFSXczNk9xeTE= shadowLastChange: 15971 # search result search: 2 result: 0 Success # numResponses: 3 # numEntries: 2 [root@srv openldap]#
LDAP服务器端准备完毕后,在postgresql中,还要建立同名的用户user4:
postgres>create user user4 password ‘!qaz2wsx’;
至于口令是否和前述的相同并不重要。
为了登录后有数据库供user4使用,还需要创建数据库:
postgres>create database user4 owner user4;
然后,在postgresql所在机器上,进行ldap相关设置:
为了更加简化此问题,暂时不采用pam相关的认证方式,而是只采用单纯的LDAP方式。
根据刚才的LDAP服务器上的查询,给postgresql中的pg_hba.conf文件进行配置:
-bash-3.2$ pwd
/opt/PostgreSQL/9.2
-bash-3.2$ cat ./data/pg_hba.conf # PostgreSQL Client Authentication Configuration File ... # TYPE DATABASE USER ADDRESS METHOD # "local" is for Unix domain socket connections only local all user4 ldap ldapserver=16.157.247.8 ldapprefix="uid=" ldapsuffix=",ou=People,o=System Support,dc=my-domain,dc=com" #local all all md5 # IPv4 local connections: #host all user4 pam postgresql host all all 127.0.0.1/32 md5 # IPv6 local connections: host all all ::1/128 md5 # Allow replication connections from localhost, by a user with the # replication privilege. #local replication postgres md5 #host replication postgres 127.0.0.1/32 md5 #host replication postgres ::1/128 md5 -bash-3.2$
然后,验证登录过程:
-bash-3.2$ ./bin/psql -Uuser4 Password for user user4: psql.bin (9.2.4) Type "help" for help. No entry for terminal type "xterm"; using dumb terminal settings. user4=>
此时LDAP服务器的log中有如下信息:
Sep 24 13:19:54 srv slapd[2311]: conn=9 fd=12 ACCEPT from IP=16.157.245.74:44853 (IP=0.0.0.0:389) Sep 24 13:19:54 srv slapd[2311]: conn=9 op=0 BIND dn="uid=user4,ou=People,o=System Support,dc=my-domain,dc=com" method=128 Sep 24 13:19:54 srv slapd[2311]: conn=9 op=0 BIND dn="uid=user4,ou=People,o=System Support,dc=my-domain,dc=com" mech=SIMPLE ssf=0 Sep 24 13:19:54 srv slapd[2311]: conn=9 op=0 RESULT tag=97 err=0 text= Sep 24 13:19:54 srv slapd[2311]: conn=9 op=1 UNBIND Sep 24 13:19:54 srv slapd[2311]: conn=9 fd=12 closed
登录成功
[作者 高健@博客园 luckyjackgao@gmail.com]
回到上一级页面:PostgreSQL基础知识与基本操作索引页 回到顶级页面:PostgreSQL索引页
磨砺技术珠矶,践行数据之道,追求卓越价值