Re: [LDAPS] Test connection user with ldaps server

Hi all,
thanks for the feedback.

I was able to do it successfully but I didn't understand yet if there is a
bug in pg_hba.conf LDAP link interpretation or a messy domain.

So as I said previously, the ldapsearch is finding correctly the user1 fine
using only the url dc=company,dc=example,dc=com
ldapsearch -x -H ldaps://serverurl -W -D "cn= user-to-do-
autentication-ldap-connection" -b "dc=company,dc=example,dc=com"
"sAMAccountName=user1"

Before (Can't search):
host all all 0.0.0.0/0 ldap
ldapurl="ldaps://serverurl:636/DC=company,DC=example,DC=com?sAMAccountName?sub"
ldapbinddn="user-to-do-autentication-ldap-connection" ldapbindpasswd="
user-ldap-connection password-autentication"

So what I did was add the Organization Unit (OU) and now works fine.

After:
host all all 0.0.0.0/0 ldap
ldapurl="ldaps://serverurl:636/OU=sub-company,DC=company,DC=example,DC=com?sAMAccountName?sub"
ldapbinddn="user-to-do-autentication-ldap-connection" ldapbindpasswd="
user-ldap-connection password-autentication"

Best regards,
João Gaspar

Thomas Munro <thomas(dot)munro(at)gmail(dot)com> escreveu no dia segunda, 15/02/2021
à(s) 22:39:

> On Tue, Feb 16, 2021 at 4:32 AM Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>
> wrote:
> > What I would do is experiment with the "ldapsearch" executable from
> OpenLDAP and see
> > if you can reproduce the problem from the command line.
>
> Also, maybe try doing this as the "postgres" user (or whatever user
> PostgreSQL runs as), just in case there are some environmental
> differences affecting the behaviour.
>