Re: LDAP authentication problem

Στις 18/10/24 14:29, ο/η Domen Šetar έγραψε:

> Hi Admins,
>
> I have faced very strange problem in one of my postgresql servers. We
> use LDAP authentication.
>
> Several colegues can't login with their AD accounts into the server. I
> found error messages in postgresql log:
>
> 2024-10-18 07:23:46 CEST [3203974]: [2-1] …  could not search LDAP for
> filter "(samaccountname=johndoe)" on server "adc1 adc2": Operations error
>
> 2024-10-18 07:23:46 CEST [3203974]: [3-1] … DETAIL:  LDAP diagnostics:
> 000004DC: LdapErr: DSID-0C090C78, comment: In order to perform this
> operation a successful bind must be completed on the connection., data
> 0, v4f7c
>
> 2024-10-18 07:23:46 CEST [3203974]: [4-1] … FATAL:  LDAP
> authentication failed for user "johndoe”
>
> I can login with my AD account.
>
> Ldapsearch works from the host.
>
> My colegues can login with the same LDAP account to postgresql on
> antoher hosts.
>
Can you post the effective pg_hba.conf lines? What does the AD logs say ?

BTW, Had you looked for AD alternatives before deploying it? Such as
FreeIPA ? OpenLDAP ?

> I'm out of ideas what could be wrong.
>
> Best regards!
>
> izum
>
>
>
> Domen Šetar
> /Computer Systems Support/
> IZUM – Institute of Information Science| Prešernova ulica 17 | 2000
> Maribor |Slovenia/
> /T: +386 2 25 20 339| M: +386 41 676 342| www.izum.si
> <http://www.izum.si/>|domen(dot)setar(at)izum(dot)si <mailto:domen(dot)setar(at)izum(dot)si>
>