public inbox for [email protected]
help / color / mirror / Atom feedLDAP authentication problem
2+ messages / 2 participants
[nested] [flat]
* LDAP authentication problem
@ 2024-10-18 11:29 =?iso-8859-2?Q?Domen_=A9etar?= <[email protected]>
2024-10-19 04:49 ` Re: LDAP authentication problem Achilleas Mantzios <[email protected]>
0 siblings, 1 reply; 2+ messages in thread
From: =?iso-8859-2?Q?Domen_=A9etar?= @ 2024-10-18 11:29 UTC (permalink / raw)
To: [email protected] <[email protected]>
Hi Admins,
I have faced very strange problem in one of my postgresql servers. We use LDAP authentication.
Several colegues can't login with their AD accounts into the server. I found error messages in postgresql log:
2024-10-18 07:23:46 CEST [3203974]: [2-1] ... could not search LDAP for filter "(samaccountname=johndoe)" on server "adc1 adc2": Operations error
2024-10-18 07:23:46 CEST [3203974]: [3-1] ... DETAIL: LDAP diagnostics: 000004DC: LdapErr: DSID-0C090C78, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v4f7c
2024-10-18 07:23:46 CEST [3203974]: [4-1] ... FATAL: LDAP authentication failed for user "johndoe"
I can login with my AD account.
Ldapsearch works from the host.
My colegues can login with the same LDAP account to postgresql on antoher hosts.
I'm out of ideas what could be wrong.
Best regards!
[izum]
Domen Šetar
Computer Systems Support
IZUM - Institute of Information Science | Prešernova ulica 17 | 2000 Maribor | Slovenia
T: +386 2 25 20 339 | M: +386 41 676 342 | www.izum.si<http://www.izum.si/; | [email protected]<mailto:[email protected]>
Attachments:
[image/jpeg] image002.jpg (1.3K, 3-image002.jpg)
download | view image
^ permalink raw reply [nested|flat] 2+ messages in thread
* Re: LDAP authentication problem
2024-10-18 11:29 LDAP authentication problem =?iso-8859-2?Q?Domen_=A9etar?= <[email protected]>
@ 2024-10-19 04:49 ` Achilleas Mantzios <[email protected]>
0 siblings, 0 replies; 2+ messages in thread
From: Achilleas Mantzios @ 2024-10-19 04:49 UTC (permalink / raw)
To: [email protected]
Στις 18/10/24 14:29, ο/η Domen Šetar έγραψε:
> Hi Admins,
>
> I have faced very strange problem in one of my postgresql servers. We
> use LDAP authentication.
>
> Several colegues can't login with their AD accounts into the server. I
> found error messages in postgresql log:
>
> 2024-10-18 07:23:46 CEST [3203974]: [2-1] … could not search LDAP for
> filter "(samaccountname=johndoe)" on server "adc1 adc2": Operations error
>
> 2024-10-18 07:23:46 CEST [3203974]: [3-1] … DETAIL: LDAP diagnostics:
> 000004DC: LdapErr: DSID-0C090C78, comment: In order to perform this
> operation a successful bind must be completed on the connection., data
> 0, v4f7c
>
> 2024-10-18 07:23:46 CEST [3203974]: [4-1] … FATAL: LDAP
> authentication failed for user "johndoe”
>
> I can login with my AD account.
>
> Ldapsearch works from the host.
>
> My colegues can login with the same LDAP account to postgresql on
> antoher hosts.
>
Can you post the effective pg_hba.conf lines? What does the AD logs say ?
BTW, Had you looked for AD alternatives before deploying it? Such as
FreeIPA ? OpenLDAP ?
> I'm out of ideas what could be wrong.
>
> Best regards!
>
> izum
>
>
>
> Domen Šetar
> /Computer Systems Support/
> IZUM – Institute of Information Science| Prešernova ulica 17 | 2000
> Maribor |Slovenia/
> /T: +386 2 25 20 339| M: +386 41 676 342| www.izum.si
> <http://www.izum.si/;|[email protected] <mailto:[email protected]>
>
Attachments:
[image/jpeg] image002.jpg (1.3K, 3-image002.jpg)
download | view image
^ permalink raw reply [nested|flat] 2+ messages in thread
end of thread, other threads:[~2024-10-19 04:49 UTC | newest]
Thread overview: 2+ messages (download: mbox mbox.gz follow: Atom feed)
-- links below jump to the message on this page --
2024-10-18 11:29 LDAP authentication problem =?iso-8859-2?Q?Domen_=A9etar?= <[email protected]>
2024-10-19 04:49 ` Achilleas Mantzios <[email protected]>
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox