public inbox for [email protected]  
From: Achilleas Mantzios <[email protected]>
To: [email protected]
Subject: Re: LDAP authentication problem
Date: Sat, 19 Oct 2024 07:49:44 +0300
Message-ID: <[email protected]>
In-Reply-To: <[email protected]>
References: <[email protected]>

On 18/10/24 14:29, Domen Šetar wrote:

> Hi Admins,
>
> I have faced a very strange problem on one of my PostgreSQL servers. We 
> use LDAP authentication.
>
> Several colleagues can't log in with their AD accounts to the server. I 
> found error messages in the PostgreSQL log:
>
> 2024-10-18 07:23:46 CEST [3203974]: [2-1] …  could not search LDAP for 
> filter "(samaccountname=johndoe)" on server "adc1 adc2": Operations error
>
> 2024-10-18 07:23:46 CEST [3203974]: [3-1] … DETAIL:  LDAP diagnostics: 
> 000004DC: LdapErr: DSID-0C090C78, comment: In order to perform this 
> operation a successful bind must be completed on the connection., data 
> 0, v4f7c
>
> 2024-10-18 07:23:46 CEST [3203974]: [4-1] … FATAL:  LDAP 
> authentication failed for user "johndoe"
>
> I can login with my AD account.
>
> Ldapsearch works from the host.
>
> My colleagues can log in with the same LDAP account to PostgreSQL on 
> other hosts.
>
Can you post the effective pg_hba.conf lines? What do the AD logs say?

BTW, had you looked for AD alternatives before deploying it? Such as 
FreeIPA? OpenLDAP?

> I'm out of ideas what could be wrong.
>
> Best regards!
>
> Domen Šetar
> Computer Systems Support
> IZUM – Institute of Information Science | Prešernova ulica 17 | 2000 
> Maribor | Slovenia
> T: +386 2 25 20 339 | M: +386 41 676 342 | www.izum.si | [email protected]
>
