Re: LDAP authentication failed

From: Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>
To: Pierre Ochsenbein <pierreochsenbein(at)gmail(dot)com>, pgsql-admin <pgsql-admin(at)postgresql(dot)org>
Subject: Re: LDAP authentication failed
Date: 2019-05-09 11:42:06
Message-ID: 994d6f5f247b972bc148a44fef9d8b5577845090.camel@cybertec.at
Lists: pgsql-admin

Pierre Ochsenbein wrote:
> I'm running on PostgreSQL 10.6 and would like to connect with LDAP users.
> I have synced all users from my group in my database.
> I can connect when I use auth "trust" in pg_hba but I would like to connect remotely with AD password and I have this error:
> SSL is ON in postgresql.conf
>
> FATAL: LDAP authentication failed for user "userA"
> FATAL: no pg_hba.conf entry for host "10.1.1.181", user "userA", database "DB01", SSL off
>
> pg_hba.conf:
>
> hostssl all all 10.1.1.18/32 ldap ldapurl="ldap://ldap.local/OU=ASA,OU=Forest%20Admin%20Accounts%20%26%20Roles,DC=ASATL,DC=NET?sAMAccountName?sub" ldaptls=1 ldapbinddn="CN=POSTGRES,OU=Service Accounts,OU=Global,OU=Member Servers,DC=PMINTL,DC=NET" ldapbindpasswd='password001'

Apart from the difference in the IP address (which you say was a typo)
your pg_hba.conf line starts with "hostssl", which means that it only
applies to SSL connections.

But your error message suggests that the connection attempt was made
without SSL encryption.

This could be an artifact if the client tries both SSL and non-SSL
connections, in which case I would force SSL on the client side to get
the proper error. Also, I'd look into the PostgreSQL server log file.

Yours,
Laurenz Albe
--
Cybertec | https://www.cybertec-postgresql.com
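
An added illustration, not part of the message above and not PostgreSQL's own code: a simplified Python model of how a pg_hba.conf record is selected, showing why the quoted `hostssl` line yields "no pg_hba.conf entry" for a non-SSL attempt and for the mismatched address. The function names are hypothetical, the rule is the one from the thread with its LDAP options left out, and only `all`, exact names and CIDR addresses are modelled.

```python
import ipaddress

# Constructed sample: the record quoted in the thread, LDAP options omitted.
HBA_LINES = ["hostssl all all 10.1.1.18/32 ldap"]


def parse_rule(line):
    """Split a host/hostssl/hostnossl record into its first five fields."""
    conntype, dbs, users, addr, method = line.split()[:5]
    return conntype, dbs.split(","), users.split(","), ipaddress.ip_network(addr), method


def rule_matches(rule, client_ip, user, database, ssl):
    conntype, dbs, users, network, _method = rule
    if conntype not in ("host", "hostssl", "hostnossl"):
        return False
    # hostssl applies only to SSL connections, hostnossl only to
    # unencrypted ones, host to both.
    if conntype == "hostssl" and not ssl:
        return False
    if conntype == "hostnossl" and ssl:
        return False
    if "all" not in dbs and database not in dbs:
        return False
    if "all" not in users and user not in users:
        return False
    return ipaddress.ip_address(client_ip) in network


def pick_method(lines, client_ip, user, database, ssl):
    """Return the auth method of the first matching record.

    None models the server's 'no pg_hba.conf entry for host ...' rejection.
    """
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        rule = parse_rule(line)
        if rule_matches(rule, client_ip, user, database, ssl):
            return rule[4]
    return None


if __name__ == "__main__":
    for ip, ssl in [("10.1.1.181", False), ("10.1.1.181", True), ("10.1.1.18", True)]:
        print(ip, "SSL on" if ssl else "SSL off", "->",
              pick_method(HBA_LINES, ip, "userA", "DB01", ssl))
```

On the client side, libpq's `sslmode=require` connection parameter is one way to force SSL so that only the SSL attempt is made.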
