2

I am trying to set up LDAP authentication with Postgres. I have a user in my database with the same name as in AD and the following string in pg_hba.conf:

host all myusername 0.0.0.0/0 ldap ldapserver=ldap.server.address ldapport=10636 ldapprefix="" ldapsuffix="@domain.com" ldapscheme=ldaps

The LDAP server is accessible from the Postgres server. The LDAP service is up and listening on port 10636. I can log in with this username/password to other services integrated with AD.

But when I connect to the database I get an error:

user is not authenticated (LDAP)

What am I doing wrong?

5
  • What do you see in the PG log? Commented Sep 29, 2021 at 13:25
  • LDAP diagnostics: server shutdown Commented Sep 29, 2021 at 13:28
  • You already tested telnet, no? And check the Postgres logs, not the LDAP logs, to see the error. This is my current line to use with LDAP: host all all 0.0.0.0/0 ldap ldapserver=10.20.90.252 ldapport=389 ldaptls=0 ldapprefix="uid=" ldapsuffix=",cn=users,cn=accounts,dc=nps,dc=local" Commented Sep 29, 2021 at 13:38
  • From bash, can you log in to LDAP? Commented Sep 29, 2021 at 13:39
  • Neither one of those errors looks like one I would expect PostgreSQL to generate. Whose errors are those? Are they the complete error message? Commented Sep 29, 2021 at 14:30

1 Answer 1

4

I was thinking where to leave a note on how to configure LDAP in PostgreSQL.

This is a great place! :)

Attention - the ldap method does not have a map property, so you cannot make comparisons through the pg_ident.conf file. You need to configure authentication in the pg_hba.conf file like this:

# TYPE  DATABASE    USER    ADDRESS     METHOD
host    all         all     0.0.0.0/0   ldap    ldapserver=mydomain.local ldapport=389 ldaptls=1 ldapprefix=""

or

# TYPE  DATABASE    USER    ADDRESS     METHOD
host    all         all     0.0.0.0/0   ldap    ldapserver=mydomain.local ldapport=636 ldapscheme=ldaps ldapprefix=""

Users need to be created with an exact match of the UPN name!

CREATE ROLE "[email protected]" WITH SUPERUSER LOGIN;

When connecting, use the full UPN name format!

psql -h 127.0.0.1 -U "[email protected]" -W postgres
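
An added example, not part of the original question or answer: a small auditor for `ldap` rules in pg_hba.conf that shows the name the server will bind as for a given role and flags transport weaknesses. It assumes simple-bind mode (no `ldapbasedn`) and CIDR-style addresses; the sample lines and the role name `alice` are constructed.

```python
import shlex

# Constructed sample modelled on the pg_hba.conf lines quoted on this page;
# the role name "alice" used below is also made up.
SAMPLE = """\
host all all 0.0.0.0/0 ldap ldapserver=mydomain.local ldapport=389 ldaptls=1 ldapprefix=""
host all all 0.0.0.0/0 ldap ldapserver=mydomain.local ldapport=636 ldapprefix=""
host all all 0.0.0.0/0 ldap ldapserver=10.20.90.252 ldapport=389 ldaptls=0 ldapprefix="uid=" ldapsuffix=",cn=users,cn=accounts,dc=nps,dc=local"
hostssl all myusername 0.0.0.0/0 ldap ldapserver=ldap.server.address ldapport=10636 ldapprefix="" ldapsuffix="@domain.com" ldapscheme=ldaps
"""


def parse_ldap_rules(text):
    """Return [(lineno, conn_type, options)] for ldap rules (CIDR address form only)."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        # shlex approximates pg_hba.conf quoting well enough for these options.
        fields = shlex.split(line, comments=True)
        if len(fields) >= 5 and fields[0].startswith("host") and fields[4] == "ldap":
            opts = dict(f.split("=", 1) for f in fields[5:] if "=" in f)
            rules.append((lineno, fields[0], opts))
    return rules


def bind_name(opts, role):
    """Simple-bind mode: the server binds as ldapprefix + role name + ldapsuffix."""
    return opts.get("ldapprefix", "") + role + opts.get("ldapsuffix", "")


def findings(conn_type, opts):
    """Transport problems worth flagging on one rule."""
    out = []
    ldaps = opts.get("ldapscheme") == "ldaps"
    if not ldaps and opts.get("ldaptls") != "1":
        out.append("LDAP bind is unencrypted: set ldaptls=1 or ldapscheme=ldaps")
    if opts.get("ldapport") == "636" and not ldaps:
        out.append("port 636 normally expects LDAPS: add ldapscheme=ldaps")
    if conn_type in ("host", "hostnossl"):
        out.append("rule matches non-TLS clients: prefer hostssl")
    return out


def audit(text, role):
    """Map line number -> (bind name for role, list of findings)."""
    return {n: (bind_name(o, role), findings(t, o)) for n, t, o in parse_ldap_rules(text)}


if __name__ == "__main__":
    for n, (name, issues) in audit(SAMPLE, "alice").items():
        print(f"line {n}: binds as {name!r}: {issues or 'no findings'}")
```

The bind name has to be something the directory accepts in a simple bind (a UPN or a full DN), so an empty prefix with no suffix only works when the role itself is named in that form.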