From: | jan(dot)sarenik(at)generali(dot)cz |
---|---|
To: | pgsql-bugs(at)postgresql(dot)org |
Subject: | BUG #9818: LDAP Authentication subtree problem |
Date: | 2014-04-01 14:19:07 |
Message-ID: | 20140401141907.363.53665@wrigleys.postgresql.org |
Lists: | pgsql-bugs |
The following bug has been logged on the website:
Bug reference: 9818
Logged by: Ján Sáreník
Email address: jan(dot)sarenik(at)generali(dot)cz
PostgreSQL version: Unsupported/Unknown
Operating system: CentOS 6.5
Description:
Hello!
The following line is my only record in pg_hba.conf:
local all all ldap ldapurl="ldap://aa00aaa001.aaaa.corp.local/DC=aaaa,DC=corp,DC=local?sAMAccountName?sub" ldapbinddn="CN=svcLDAPDWH,OU=Services,OU=UsersAdm,DC=aaaa,DC=corp,DC=local" ldapbindpasswd="XXXXXX"
LDAP server is Microsoft Active Directory.
I am testing on 554bb3beba27bf4a49edecc40f6c0f249974bc7c (today's git tree)
Version of OpenLDAP does not influence it (I have linked it with current
release, no change).
All I want in the end is to log into postgres as both of the following users:
CN=A000001,OU=UsersW7,DC=gpcz,DC=corp,DC=local
CN=A000002,OU=UsersStd,DC=gpcz,DC=corp,DC=local
Instead, all I am getting is:
LOG: could not search LDAP for filter "(CN=A000001)" on server "aa00aaa001.aaaa.corp.local": Operations error
LOG: could not search LDAP for filter "(CN=A000002)" on server "aa00aaa001.aaaa.corp.local": Operations error
If I specify ldapurl to contain OU=UsersW7, I can log in as A000001
but not A000002 (and vice versa).
The only workaround I was able to do so far is the following, based
on the idea that LDAP_OPERATIONS_ERROR produced by MS AD server
is misleading. See end of
http://msdn.microsoft.com/en-us/library/dd303696.aspx
Thanks,
Ján
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 31ade0b..75255dd 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -2007,7 +2007,7 @@ CheckLDAPAuth(Port *port)
0,
&search_message);
- if (r != LDAP_SUCCESS)
+ if (r != LDAP_SUCCESS && r != LDAP_OPERATIONS_ERROR)
{
ereport(LOG,
(errmsg("could not search LDAP for filter \"%s\" on
server \"%s\": %s",
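Review bot: In the changed condition `if (r != LDAP_SUCCESS && r != LDAP_OPERATIONS_ERROR)`, LDAP_OPERATIONS_ERROR is treated as success for every search, so the error branch with the "could not search LDAP" log is skipped for any operations error the server returns, not only the Active Directory case described in the report, and execution continues as if the search had succeeded with whatever is in search_message. An authentication path should fail closed here: keep `r != LDAP_SUCCESS` as the failure test and fix the reason the subtree search from the domain root returns this code (the report says the search works once the base is narrowed to a single OU). If the result code really has to be tolerated, limit the exception to that specific situation, check that exactly one entry was returned before using it, and add a comment in the code explaining why this result is accepted.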