LDAP authentication failed

Pierre Ochsenbein-2
Hello

I'm running on PostgreSQL 10.6 and would like to connect with LDAP users.
I have synced all users from my group in my database.
I can connect when I use auth "trust" in pg_hba but I would like to connect remotely with AD password and I have this error:
SSL is ON in postgresql.conf

FATAL: LDAP authentication failed for user "userA"
FATAL: no pg_hba.conf entry for host "10.1.1.181", user "userA", database "DB01", SSL off

pg_hba.conf:

hostssl    all             all             10.1.1.18/32        ldap  ldapurl="ldap://ldap.local/OU=ASA,OU=Forest%20Admin%20Accounts%20%26%20Roles,DC=ASATL,DC=NET?sAMAccountName?sub" ldaptls=1 ldapbinddn="CN=POSTGRES,OU=Service Accounts,OU=Global,OU=Member Servers,DC=PMINTL,DC=NET" ldapbindpasswd='password001'


Do I need to put the AD group in the ldap query line in the pg_hba file?


Thanks


Re: [External] LDAP authentication failed

Vijaykumar Jain
10.1.1.18/32 would only allow one host IP (10.1.1.18) to connect from.
"10.1.1.181" will fail, I think.



Regards,
Vijay

On Thu, May 9, 2019 at 1:53 PM Pierre Ochsenbein
<[hidden email]> wrote:

>
> Hello
>
> I'm running on PostgreSQL 10.6 and would like to connect with LDAP users.
> I have synced all users from my group in my database.
> I can connect when I use auth "trust" in pg_hba but I would like to connect remotely with AD password and I have this error:
> SSL is ON in postgresql.conf
>
> FATAL: LDAP authentication failed for user "userA"
> FATAL: no pg_hba.conf entry for host "10.1.1.181", user "userA", database "DB01", SSL off
>
> pg_hba.conf:
>
> hostssl    all             all             10.1.1.18/32        ldap  ldapurl="ldap://ldap.local/OU=ASA,OU=Forest%20Admin%20Accounts%20%26%20Roles,DC=ASATL,DC=NET?sAMAccountName?sub" ldaptls=1 ldapbinddn="CN=POSTGRES,OU=Service Accounts,OU=Global,OU=Member Servers,DC=PMINTL,DC=NET" ldapbindpasswd='password001'
>
>
> Do I need to put the AD group in the ldap query line in the pg_hba file?
>
>
> Thanks
>



Re: [External] LDAP authentication failed

Pierre Ochsenbein-2
Sorry, I have just adapted the IP address in the email. The IP looks fine.

On Thu, May 9, 2019 at 11:11, Vijaykumar Jain <[hidden email]> wrote:
10.1.1.18/32 would only allow one host IP (10.1.1.18) to connect from.
"10.1.1.181" will fail, I think.



Regards,
Vijay

On Thu, May 9, 2019 at 1:53 PM Pierre Ochsenbein
<[hidden email]> wrote:
>
> Hello
>
> I'm running on PostgreSQL 10.6 and would like to connect with LDAP users.
> I have synced all users from my group in my database.
> I can connect when I use auth "trust" in pg_hba but I would like to connect remotely with AD password and I have this error:
> SSL is ON in postgresql.conf
>
> FATAL: LDAP authentication failed for user "userA"
> FATAL: no pg_hba.conf entry for host "10.1.1.181", user "userA", database "DB01", SSL off
>
> pg_hba.conf:
>
> hostssl    all             all             10.1.1.18/32        ldap  ldapurl="ldap://ldap.local/OU=ASA,OU=Forest%20Admin%20Accounts%20%26%20Roles,DC=ASATL,DC=NET?sAMAccountName?sub" ldaptls=1 ldapbinddn="CN=POSTGRES,OU=Service Accounts,OU=Global,OU=Member Servers,DC=PMINTL,DC=NET" ldapbindpasswd='password001'
>
>
> Do I need to put the AD group in the ldap query line in the pg_hba file?
>
>
> Thanks
>


--
Regards,

Pierre Ochsenbein

Re: LDAP authentication failed

Laurenz Albe
Pierre Ochsenbein wrote:

> I'm running on PostgreSQL 10.6 and would like to connect with LDAP users.
> I have synced all users from my group in my database.
> I can connect when I use auth "trust" in pg_hba but I would like to connect remotely with AD password and I have this error:
> SSL is ON in postgresql.conf
>
> FATAL: LDAP authentication failed for user "userA"
> FATAL: no pg_hba.conf entry for host "10.1.1.181", user "userA", database "DB01", SSL off
>
> pg_hba.conf:
>
> hostssl    all             all             10.1.1.18/32        ldap  ldapurl="ldap://ldap.local/OU=ASA,OU=Forest%20Admin%20Accounts%20%26%20Roles,DC=ASATL,DC=NET?sAMAccountName?sub" ldaptls=1 ldapbinddn="CN=POSTGRES,OU=Service Accounts,OU=Global,OU=Member Servers,DC=PMINTL,DC=NET" ldapbindpasswd='password001'

Apart from the difference in the IP address (which you say was a typo)
your pg_hba.conf line starts with "hostssl", which means that it only
applies to SSL connections.

But your error message suggests that the connection attempt was made
without SSL encryption.

This could be an artifact if the client tries both SSL and non-SSL
connections, in which case I would force SSL on the client side to get
the proper error.  Also, I'd look into the PostgreSQL server log file.

Yours,
Laurenz Albe
--
Cybertec | https://www.cybertec-postgresql.com
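
The two points raised in the replies above (the /32 mask and the "hostssl" record type) can be checked with a small matcher. This is an added example, not part of the original thread and not PostgreSQL's own code; it models only CIDR addresses and "all"/exact names, the LDAP options are shortened, and the function names are hypothetical.

```python
import ipaddress
import shlex

# The record from the thread with the LDAP options shortened (constructed sample).
HBA = 'hostssl all all 10.1.1.18/32 ldap ldapurl="ldap://ldap.local/...?sAMAccountName?sub" ldaptls=1'

def parse_hba(line):
    """Split one pg_hba.conf record into its matching fields and auth method."""
    conn_type, database, user, address, method, *_options = shlex.split(line)
    return {"type": conn_type, "database": database, "user": user,
            "network": ipaddress.ip_network(address), "method": method}

def field_matches(field, value):
    """Simplified matching: 'all' or a comma-separated list of exact names."""
    return field == "all" or value in field.split(",")

def first_match(records, client_ip, database, user, ssl):
    """Return the first record that applies to the connection, or None.

    The server uses the first matching record only; when nothing matches it
    reports 'no pg_hba.conf entry for host ...'.
    """
    ip = ipaddress.ip_address(client_ip)
    for rec in records:
        if rec["type"] not in ("host", "hostssl", "hostnossl"):
            continue
        if rec["type"] == "hostssl" and not ssl:
            continue  # hostssl records never apply to unencrypted connections
        if rec["type"] == "hostnossl" and ssl:
            continue
        if ip not in rec["network"]:
            continue  # a /32 mask matches exactly one address
        if field_matches(rec["database"], database) and field_matches(rec["user"], user):
            return rec
    return None

def explain(client_ip, ssl):
    """Outcome for userA connecting to DB01 (names taken from the error message)."""
    rec = first_match([parse_hba(HBA)], client_ip, "DB01", "userA", ssl)
    return f"auth via {rec['method']}" if rec else "no pg_hba.conf entry"

if __name__ == "__main__":
    for ip, ssl in [("10.1.1.18", True), ("10.1.1.18", False), ("10.1.1.181", True)]:
        print(f"{ip:<11} ssl={ssl!s:<5} -> {explain(ip, ssl)}")
```

With libpq's `sslmode=require` the client makes no unencrypted retry, so only the error from the SSL attempt is reported.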