Re: Problem enabling LDAP login

From: João Gaspar <joao(dot)f(dot)r(dot)gaspar(at)gmail(dot)com>
To: Marcelo Lacerda <marceloslacerda(at)gmail(dot)com>
Cc: pgsql-general <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject: Re: Problem enabling LDAP login
Date: 2021-02-22 15:03:30
Message-ID: CAM+zXj2i03BFYoxr+kn2O8nnhXBvPTkLTTREBia-sqLBG8=6FA@mail.gmail.com
Lists: pgsql-general

Hi,
Marcelo, check this. I have a similar problem with the LDAP filter in
pg_hba.conf. I don't know if it helps in your case. In my case, I needed to
add the OU (Organizational Unit).

https://www.postgresql.org/message-id/CAM%2BzXj0b71fckDSTxPwX58ze-9mtD4UxbktzGCmUYAnjoZti3A%40mail.gmail.com

Best regards,
João Gaspar

Marcelo Lacerda <marceloslacerda(at)gmail(dot)com> wrote on Monday,
22/02/2021 at 14:02:

> I'm having some trouble configuring ldap login to postgres. I have
> configured LDAP on pg_hba.conf and postgres picks up the correct
> configuration during login but I get an error message whenever I attempt to
> log in with psql to a database named teste.
>
> psql: error: could not connect to server: FATAL: LDAP authentication
> failed for user "my_user_id"
>
> Looking at the log I get a more detailed message but it isn't very useful
> either
>
> 2021-02-22 10:41:29 -03:172.17.1.139(54178):my_user_id(at)teste:[50727]:
> LOG: could not search LDAP for filter "(sAMAccountName=my_user_id)" on
> server "my_ldap_server": Operations error
> 2021-02-22 10:41:29 -03:172.17.1.139(54178):my_user_id(at)teste:[50727]:
> DETAIL: LDAP diagnostics: 000004DC: LdapErr: DSID-0C09075A, comment: In
> order to perform this operation a successful bind must be completed on the
> connection., data 0, v1db1
> 2021-02-22 10:41:29 -03:172.17.1.139(54178):my_user_id(at)teste:[50727]:
> FATAL: LDAP authentication failed for user "my_user_id"
> 2021-02-22 10:41:29 -03:172.17.1.139(54178):my_user_id(at)teste:[50727]:
> DETAIL: Connection matched pg_hba.conf line 96: "host all
> all 172.17.1.0/24 ldap
> ldapserver="my_ldap_server" ldapbasedn="mybasedn"
> ldapsearchattribute="sAMAccountName" ldapbinddn="CN=my_bind_dn"
> ldapbindpasswd="my_bind_password"
>
> Searching postgres source code I was able to find where the problem
> happens[1] however it makes things a bit more confusing because from my
> understanding postgres was able to successfully bind to the LDAP server in
> line 2676 but on line 2700 it reported that a bind was necessary before
> querying.
>
> Looking at the tcp packages with tcpdump I was able to notice that
> openldap does in fact receive my_user_id information from the server but
> for some reason it tries to perform another operation afterwards and fails.
>
> Can anyone help me with this?
>
> [1] -
> https://github.com/postgres/postgres/blob/ca3b37487be333a1d241dab1bbdd17a211a88f43/src/backend/libpq/auth.c#L2700
>
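
A small lint for lines like the pg_hba.conf entry in the quoted log, as an added example that is not part of either message or of PostgreSQL. It parses the LDAP options and flags a connection without ldaptls=1 or ldaps (bind and user passwords then reach the LDAP server unencrypted), a bind password stored in the file, and a search base without an OU, which is the change João describes. The function names and finding codes are hypothetical, and the OU check is a heuristic drawn from that reply, not a PostgreSQL rule.

```python
import re
import shlex

# Constructed sample: the pg_hba.conf line quoted in the log above, placeholders kept.
SAMPLE = ('host all all 172.17.1.0/24 ldap ldapserver="my_ldap_server" '
          'ldapbasedn="mybasedn" ldapsearchattribute="sAMAccountName" '
          'ldapbinddn="CN=my_bind_dn" ldapbindpasswd="my_bind_password"')

def parse_ldap_options(line):
    """Return the name=value options that follow the 'ldap' method field."""
    # shlex approximates pg_hba.conf quoting (double quotes, '#' comments).
    tokens = shlex.split(line, comments=True)
    if "ldap" not in tokens[1:]:
        raise ValueError("not an ldap authentication line")
    options = tokens[tokens.index("ldap", 1) + 1:]
    return dict(opt.split("=", 1) for opt in options if "=" in opt)

def has_ou(dn):
    """True if any RDN of the DN is an OU (splits on unescaped commas)."""
    rdns = re.split(r"(?<!\\),", dn)
    return any(rdn.strip().lower().startswith("ou=") for rdn in rdns)

def lint(line):
    """Return a sorted list of finding codes for one pg_hba.conf ldap line."""
    o = parse_ldap_options(line)
    findings = set()
    encrypted = (o.get("ldaptls") == "1" or o.get("ldapscheme") == "ldaps"
                 or o.get("ldapurl", "").startswith("ldaps://"))
    if not encrypted:
        findings.add("CLEARTEXT_BIND")      # passwords cross the wire unencrypted
    if "ldapbindpasswd" in o:
        findings.add("PASSWORD_IN_FILE")    # restrict read access to pg_hba.conf
    if "ldapbasedn" in o and not has_ou(o["ldapbasedn"]):
        findings.add("BASEDN_WITHOUT_OU")   # heuristic from the reply above
    return sorted(findings)

if __name__ == "__main__":
    for code in lint(SAMPLE):
        print(code)
```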
