From: Sam Stearns
Date: Fri, 20 Dec 2024 07:08:31 -0800
Subject: Re: How To Configure PostgreSQL to Use LDAP for Authentication
To: Achilleas Mantzios - cloud
Cc: pgsql-admin@lists.postgresql.org

Yes, we got this working by formatting the pg_hba.conf entry correctly. Thanks!

On Fri, Dec 20, 2024 at 12:33 AM Achilleas Mantzios - cloud <a.mantzios@cloud.gatewaynet.com> wrote:

> On 12/6/24 16:15, Henry Ashu wrote:
>
> > Hi,
> >
> > Please, I need help with how to configure postgresql to use LDAP for
> > Authentication.
> >
> > *Here is what I have tried;*
> >
> > host all all 0.0.0.0/0 ldap ldapserver=ldap://adserver.domain.com ldapport=389 ldapprefix="DOMAIN\" ldapsuffix="" ldapbinddn=postgres-user@domain.com ldapbindpasswd=mypassword
> >
> > host all all 0.0.0.0/0 ldap ldapurl="ldaps://adserver.domain.com:636" ldapbasedn="OU=Users,OU=England 053,OU=Commercial Services,DC=domain,DC=com" ldapbinddn="postgres-user@domain.com" ldapbindpasswd="mypassword" ldapsearchattribute="OU=Users,OU=England 053,OU=Commercial Services,DC=domain,DC=com"
> >
> > host all all 0.0.0.0/0 ldap ldapserver="adserver.domain.com" ldapport=636 ldapscheme="ldaps" ldapbasedn="OU=Users,OU=England 053,OU=Commercial Services,DC=domain,DC=com" ldapbinddn="OU=Users,OU=England 053,OU=Commercial Services,DC=domain,DC=com" ldapbindpasswd="mypassword" ldapsearchattribute="adservice-account"
> >
> > *And this is the error I'm getting;*
> >
> > [postgres@myserver ~]$ psql -U myuser mydatabase
> > psql: error: connection to server on socket "/run/postgresql/.s.PGSQL.5432" failed: FATAL:  no pg_hba.conf entry for host "[local]", user "myuser", database "mydatabase", no encryption
> > [postgres@myserver ~]$ psql -U "MYDOMAIN\myuser" mydatabase
> > psql: error: connection to server on socket "/run/postgresql/.s.PGSQL.5432" failed: FATAL:  no pg_hba.conf entry for host "[local]", user "MYDOMAIN\myuser", database "mydatabase", no encryption
>
> Fix your pg_hba.conf, LDAP is the least of your problems.
>
> > Thank you
> >
> > *Henry Ashu*
> > Database Administrator
> > *o:* 503.672.5114 | *f:* 800.551.8821 | DAT.com

--
*Samuel Stearns*
Lead Database Administrator
*c:* 971 762 6879 | *o:* 503 672 5115 | DAT.com
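The failure quoted in the thread, as an added example that is not part of the original messages: a small Python linter run over two of the quoted attempts, showing why a socket login never reaches the LDAP rules and which LDAP options conflict. The thread does not show the entry that finally worked, so the `FIXED` rule, the `sAMAccountName` attribute and the function names are assumptions made for illustration.

```python
import re
# Two of the attempts quoted in the thread (rules 1 and 2 in the findings).
ATTEMPTS = r'''
host all all 0.0.0.0/0 ldap ldapserver=ldap://adserver.domain.com ldapport=389 ldapprefix="DOMAIN\" ldapsuffix="" ldapbinddn=postgres-user@domain.com ldapbindpasswd=mypassword
host all all 0.0.0.0/0 ldap ldapurl="ldaps://adserver.domain.com:636" ldapbasedn="OU=Users,OU=England 053,OU=Commercial Services,DC=domain,DC=com" ldapbinddn="postgres-user@domain.com" ldapbindpasswd="mypassword" ldapsearchattribute="OU=Users,OU=England 053,OU=Commercial Services,DC=domain,DC=com"
'''
# Constructed search+bind rule for socket logins; sAMAccountName is an assumed attribute.
FIXED = r'''
local all all ldap ldapserver=adserver.domain.com ldapscheme=ldaps ldapport=636 ldapbasedn="OU=Users,DC=domain,DC=com" ldapbinddn="postgres-user@domain.com" ldapbindpasswd="mypassword" ldapsearchattribute=sAMAccountName
'''

TOKEN = re.compile(r'(?:[^\s"]|"[^"]*")+')  # double quotes group words; backslash is literal
SIMPLE = {"ldapprefix", "ldapsuffix"}
SEARCH = {"ldapbasedn", "ldapbinddn", "ldapbindpasswd", "ldapsearchattribute", "ldapsearchfilter"}

def parse(text):
    rules = []
    for line in text.splitlines():
        toks = [t.replace('"', "") for t in TOKEN.findall(line)]
        if not toks or toks[0].startswith("#"):
            continue
        m = 3 if toks[0] == "local" else 4  # auth-method index, assuming CIDR addresses
        opts = dict(t.split("=", 1) for t in toks[m + 1:] if "=" in t)
        rules.append({"type": toks[0], "method": toks[m], "opts": opts})
    return rules

def lint(text, via_socket=True):
    rules, out = parse(text), []
    if via_socket and not any(r["type"] == "local" for r in rules):
        out.append('no "local" rule: socket logins get "no pg_hba.conf entry for host [local]"')
    for i, r in enumerate(rules, 1):
        o = r["opts"]
        if r["method"] != "ldap":
            continue
        if r["type"] == "host":
            out.append(f"rule {i}: host also matches non-TLS clients; prefer hostssl")
        if "://" in o.get("ldapserver", ""):
            out.append(f"rule {i}: ldapserver takes host names, not a URL")
        if o.keys() & SIMPLE and o.keys() & SEARCH:
            out.append(f"rule {i}: simple-bind and search+bind options are mixed")
        if "=" in o.get("ldapsearchattribute", ""):
            out.append(f"rule {i}: ldapsearchattribute must be an attribute name, not a DN")
        tls = o.get("ldapscheme") == "ldaps" or o.get("ldaptls") == "1" or o.get("ldapurl", "").startswith("ldaps://")
        if not tls:
            out.append(f"rule {i}: no ldaps/ldaptls, so the bind password is sent unencrypted")
    return out

if __name__ == "__main__":
    print("\n".join(lint(ATTEMPTS)))
```

The first finding is the one that matches the quoted error: `psql` without `-h` connects over the Unix socket, which only `local` rules match, so none of the `host ... ldap` lines is ever evaluated.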