Problem enabling LDAP login


Problem enabling LDAP login

Marcelo Lacerda
I'm having some trouble configuring LDAP login to postgres. I have configured LDAP in pg_hba.conf and postgres picks up the correct configuration during login, but I get an error message whenever I attempt to log in with psql to a database named teste.

psql: error: could not connect to server: FATAL:  LDAP authentication failed for user "my_user_id"

Looking at the log I get a more detailed message, but it isn't very useful either:

2021-02-22 10:41:29 -03:172.17.1.139(54178):my_user_id@teste:[50727]: LOG:  could not search LDAP for filter "(sAMAccountName=my_user_id)" on server "my_ldap_server": Operations error
2021-02-22 10:41:29 -03:172.17.1.139(54178):my_user_id@teste:[50727]: DETAIL:  LDAP diagnostics: 000004DC: LdapErr: DSID-0C09075A, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1
2021-02-22 10:41:29 -03:172.17.1.139(54178):my_user_id@teste:[50727]: FATAL:  LDAP authentication failed for user "my_user_id"
2021-02-22 10:41:29 -03:172.17.1.139(54178):my_user_id@teste:[50727]: DETAIL:  Connection matched pg_hba.conf line 96: "host    all             all             172.17.1.0/24             ldap ldapserver="my_ldap_server" ldapbasedn="mybasedn" ldapsearchattribute="sAMAccountName" ldapbinddn="CN=my_bind_dn" ldapbindpasswd="my_bind_password"

Searching the postgres source code I was able to find where the problem happens[1]. However, it makes things a bit more confusing, because from my understanding postgres was able to successfully bind to the LDAP server in line 2676 but on line 2700 it reported that a bind was necessary before querying.

Looking at the TCP packets with tcpdump I was able to notice that openldap does in fact receive my_user_id information from the server, but for some reason it tries to perform another operation afterwards and fails.

Can anyone help me with this?


Re: Problem enabling LDAP login

João Gaspar
Hi,
Marcelo, check this: I have a similar problem with the LDAP filter in pg_hba.conf. I don't know if it helps in your case. In my case, I needed to add the OU (Organizational Unit).




Best regards,
João Gaspar


Marcelo Lacerda <[hidden email]> wrote on Monday, 22/02/2021 at 14:02:
I'm having some trouble configuring LDAP login to postgres. I have configured LDAP in pg_hba.conf and postgres picks up the correct configuration during login, but I get an error message whenever I attempt to log in with psql to a database named teste.

psql: error: could not connect to server: FATAL:  LDAP authentication failed for user "my_user_id"

Looking at the log I get a more detailed message, but it isn't very useful either:

2021-02-22 10:41:29 -03:172.17.1.139(54178):my_user_id@teste:[50727]: LOG:  could not search LDAP for filter "(sAMAccountName=my_user_id)" on server "my_ldap_server": Operations error
2021-02-22 10:41:29 -03:172.17.1.139(54178):my_user_id@teste:[50727]: DETAIL:  LDAP diagnostics: 000004DC: LdapErr: DSID-0C09075A, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1
2021-02-22 10:41:29 -03:172.17.1.139(54178):my_user_id@teste:[50727]: FATAL:  LDAP authentication failed for user "my_user_id"
2021-02-22 10:41:29 -03:172.17.1.139(54178):my_user_id@teste:[50727]: DETAIL:  Connection matched pg_hba.conf line 96: "host    all             all             172.17.1.0/24             ldap ldapserver="my_ldap_server" ldapbasedn="mybasedn" ldapsearchattribute="sAMAccountName" ldapbinddn="CN=my_bind_dn" ldapbindpasswd="my_bind_password"

Searching the postgres source code I was able to find where the problem happens[1]. However, it makes things a bit more confusing, because from my understanding postgres was able to successfully bind to the LDAP server in line 2676 but on line 2700 it reported that a bind was necessary before querying.

Looking at the TCP packets with tcpdump I was able to notice that openldap does in fact receive my_user_id information from the server, but for some reason it tries to perform another operation afterwards and fails.

Can anyone help me with this?


Re: Re: Problem enabling LDAP login

Marcelo Lacerda
In reply to this post by Marcelo Lacerda
Thank you João, that solved the problem!
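
An added example, not part of the thread or of PostgreSQL: a small audit of a pg_hba.conf `ldap` line in search+bind mode, run against the line quoted in the log above. The thread does not show which value the OU was added to, so checking `ldapbasedn` and `ldapbinddn` for complete Active Directory DNs is an assumption, as are the DNs in `FIXED_LINE` and the extra check that the bind is protected by `ldaptls=1` or `ldaps`.

```python
import re
import shlex

# Constructed input: the pg_hba.conf line quoted in the thread's log (placeholders kept).
THREAD_LINE = ('host all all 172.17.1.0/24 ldap ldapserver="my_ldap_server" '
               'ldapbasedn="mybasedn" ldapsearchattribute="sAMAccountName" '
               'ldapbinddn="CN=my_bind_dn" ldapbindpasswd="my_bind_password"')
# Constructed input: same line with made-up full DNs and StartTLS enabled.
FIXED_LINE = ('host all all 172.17.1.0/24 ldap ldapserver="my_ldap_server" ldaptls=1 '
              'ldapbasedn="OU=Staff,DC=example,DC=com" ldapsearchattribute="sAMAccountName" '
              'ldapbinddn="CN=pg_bind,OU=Service Accounts,DC=example,DC=com" '
              'ldapbindpasswd="my_bind_password"')

def parse_ldap_options(line):
    """Return the name=value options of a pg_hba.conf line, or {} if the method is not ldap."""
    fields = shlex.split(line, comments=True)
    first = next((i for i, f in enumerate(fields) if "=" in f), len(fields))
    if first == 0 or fields[first - 1] != "ldap":
        return {}
    return dict(f.split("=", 1) for f in fields[first:] if "=" in f)

def dn_attribute_types(dn):
    """Upper-cased attribute type of each RDN, e.g. ['CN', 'OU', 'DC', 'DC']."""
    return [t.upper() for t in re.findall(r"(?:^|,)\s*([A-Za-z][\w-]*)\s*=", dn)]

def audit(line):
    """List findings for an ldap line used in search+bind mode."""
    opts, findings = parse_ldap_options(line), []
    if not opts or "ldapprefix" in opts or "ldapsuffix" in opts:
        return findings  # not ldap, or simple-bind mode: nothing checked here
    for key in ("ldapbasedn", "ldapbinddn"):
        # Assumption: Active Directory, where a complete DN ends in DC= components.
        if key in opts and "DC" not in dn_attribute_types(opts[key]):
            findings.append(f"{key}: '{opts[key]}' is not a complete DN (add OU=...,DC=...)")
    encrypted = (opts.get("ldaptls") == "1" or opts.get("ldapscheme") == "ldaps"
                 or opts.get("ldapurl", "").startswith("ldaps://"))
    if "ldapbindpasswd" in opts and not encrypted:
        findings.append("ldapbindpasswd: bind happens without ldaptls=1 or ldaps")
    return findings

if __name__ == "__main__":
    for name, line in (("thread", THREAD_LINE), ("fixed", FIXED_LINE)):
        print(name, audit(line) or "no findings")
```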