Hi Marcelo,

Check this. I have a similar problem with the LDAP filter in pg_hba.conf. I don't know if it helps in your case. In my case, I needed to add the OU (Organizational Unit)
https://www.postgresql.org/message-id/CAM%2BzXj0b71fckDSTxPwX58ze-9mtD4UxbktzGCmUYAnjoZti3A%40mail.gmail.com

Best regards,
João Gaspar

Marcelo Lacerda <marceloslace...@gmail.com> wrote on Monday, 22/02/2021 at 14:02:

> I'm having some trouble configuring ldap login to postgres. I have
> configured LDAP on pg_hba.conf and postgres picks up the correct
> configuration during login but I get an error message whenever I attempt to
> login with psql to a database named teste.
>
> psql: error: could not connect to server: FATAL: LDAP authentication
> failed for user "my_user_id"
>
> Looking at the log I get a more detailed message but it isn't very useful
> either
>
> 2021-02-22 10:41:29 -03:172.17.1.139(54178):my_user_id@teste:[50727]:
> LOG: could not search LDAP for filter "(sAMAccountName=my_user_id)" on
> server "my_ldap_server": Operations error
> 2021-02-22 10:41:29 -03:172.17.1.139(54178):my_user_id@teste:[50727]:
> DETAIL: LDAP diagnostics: 000004DC: LdapErr: DSID-0C09075A, comment: In
> order to perform this operation a successful bind must be completed on the
> connection., data 0, v1db1
> 2021-02-22 10:41:29 -03:172.17.1.139(54178):my_user_id@teste:[50727]:
> FATAL: LDAP authentication failed for user "my_user_id"
> 2021-02-22 10:41:29 -03:172.17.1.139(54178):my_user_id@teste:[50727]:
> DETAIL: Connection matched pg_hba.conf line 96: "host all
> all 172.17.1.0/24 ldap
> ldapserver="my_ldap_server" ldapbasedn="mybasedn"
> ldapsearchattribute="sAMAccountName" ldapbinddn="CN=my_bind_dn"
> ldapbindpasswd="my_bind_password"
>
> Searching postgres source code I was able to find where the problem
> happens[1] however it makes things a bit more confusing because from my
> understanding postgres was able to successfully bind to the LDAP server in
> line 2676 but on line 2700 it reported that a bind was necessary before
> querying.
>
> Looking at the tcp packages with tcpdump I was able to notice that
> openldap does in fact receive my_user_id information from the server but
> for some reason it tries to perform another operation afterwards and fails.
>
> Can anyone help me with this?
>
> [1] -
> https://github.com/postgres/postgres/blob/ca3b37487be333a1d241dab1bbdd17a211a88f43/src/backend/libpq/auth.c#L2700
>
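
A small lint for `ldap` lines in pg_hba.conf, added here as an example; it is not part of either message and not PostgreSQL code. It checks the documented rule against mixing simple-bind and search+bind options, the absence of `ldaptls=1` or an `ldaps` scheme, and, as a heuristic taken only from the reply above, a base DN without an OU component. The function names, finding codes, and the `OU=Staff,DC=example,DC=org` value are assumptions made for illustration.

```python
import re

# Option names from the PostgreSQL LDAP authentication documentation.
SIMPLE_BIND = {"ldapprefix", "ldapsuffix"}
SEARCH_BIND = {"ldapbasedn", "ldapbinddn", "ldapbindpasswd",
               "ldapsearchattribute", "ldapsearchfilter"}
OPTION_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_ldap_options(hba_line):
    """Return the name=value options of one pg_hba.conf line as a dict."""
    return {m.group(1).lower(): m.group(2) if m.group(2) is not None else m.group(3)
            for m in OPTION_RE.finditer(hba_line)}


def lint_ldap_line(hba_line):
    """Return a list of finding codes (hypothetical names) for an 'ldap' line."""
    opts = parse_ldap_options(hba_line)
    findings = []
    # Documented error: simple-bind and search+bind options on the same line.
    if SIMPLE_BIND & opts.keys() and SEARCH_BIND & opts.keys():
        findings.append("mixed-bind-modes")
    # Without ldaptls=1 or an ldaps scheme, the bind password and the user's
    # password travel to the directory server unencrypted.
    encrypted = (opts.get("ldaptls") == "1"
                 or opts.get("ldapscheme") == "ldaps"
                 or opts.get("ldapurl", "").lower().startswith("ldaps://"))
    if not encrypted:
        findings.append("no-transport-encryption")
    # Heuristic from the reply above only: a base DN with no OU component.
    base = opts.get("ldapbasedn")
    if base is not None and not re.search(r"(^|,)\s*ou=", base, re.I):
        findings.append("basedn-without-ou")
    return findings


# Constructed sample: the line quoted in the log above, placeholders kept.
SAMPLE = ('host all all 172.17.1.0/24 ldap ldapserver="my_ldap_server" '
          'ldapbasedn="mybasedn" ldapsearchattribute="sAMAccountName" '
          'ldapbinddn="CN=my_bind_dn" ldapbindpasswd="my_bind_password"')
# Constructed variant with TLS and an OU in the base DN (hypothetical values).
HARDENED = ('host all all 172.17.1.0/24 ldap ldapserver="my_ldap_server" '
            'ldaptls=1 ldapbasedn="OU=Staff,DC=example,DC=org" '
            'ldapsearchattribute="sAMAccountName" '
            'ldapbinddn="CN=my_bind_dn" ldapbindpasswd="my_bind_password"')

if __name__ == "__main__":
    for line in (SAMPLE, HARDENED):
        print(lint_ldap_line(line))
```

The OU finding reflects one poster's experience and is not a confirmed cause of the "successful bind must be completed" error in the original question.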