
I need to configure Postgres LDAP authentication, and I'm hitting a brick wall. I'm using Postgres 8.4 (project requirement). I've read all the available documentation I can find, and the relevant line in my pg_hba.conf file is as follows:

host all all 10.0.0.0/8 ldap ldapserver=10.10.10.10 ldapport=389 ldaptls=0 ldapprefix="uid=DOMAIN\" ldapsuffix="ou=All Users,dc=ad,dc=example,dc=com"

When I attempt a remote login from the specified IP range using 'myname' as the user and 'mypassword' as the pass, where 'myname' is already a Postgres user, I continually get 'LDAP authentication failed for user "myname"' errors.

I wrote a Python script to perform a simple bind to validate the connection to AD, and this bind succeeds:

from ldap3 import Server, Connection

tls_configuration = None
use_ssl = False
# Keyword arguments so the values reach the intended parameters (positionally,
# the second argument of Server() is the port, not use_ssl)
server = Server('ldaps://10.10.10.10:389', use_ssl=use_ssl, tls=tls_configuration)
bind_user = r'DOMAIN\myname'   # raw string keeps the backslash literal
bind_password = 'mypassword'
conn = Connection(server, user=bind_user, password=bind_password)
conn.bind()

So I can reach the AD server, the user exists, simple bind works, etc. Can anyone tell me where I'm going wrong with the pg_hba.conf configuration?

ericcarr
  • Does the user exist as a db user? It needs to. You can use https://github.com/larskanis/pg-ldap-sync to sync users automatically – Neil McGuigan Feb 20 '17 at 23:51
  • At a glance I would blame the `ldapprefix="uid=DOMAIN\"` part. Can you tcpdump the wire during the Python auth and during the Postgres one to craft the second one like the first? – 473183469 Feb 27 '17 at 12:30
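An added example (neither the asker's code nor PostgreSQL's own): it parses the pg_hba.conf line from the question with a simplified model of the server's tokenizer (an assumption of this example) and builds the name the ldap method's simple bind presents to the directory, which is ldapprefix, the database user name and ldapsuffix concatenated verbatim, next to the name the Python script binds as.

```python
# Added example: what PostgreSQL's LDAP simple-bind mode sends, given the
# pg_hba.conf line from the question, compared with the script's bind name.

# The pg_hba.conf line from the question, embedded as sample input.
PG_HBA_LINE = (
    'host all all 10.0.0.0/8 ldap ldapserver=10.10.10.10 ldapport=389 ldaptls=0 '
    'ldapprefix="uid=DOMAIN\\" ldapsuffix="ou=All Users,dc=ad,dc=example,dc=com"'
)

# What the Python script in the question binds as: an NT-style logon name, not a DN.
SCRIPT_BIND_USER = 'DOMAIN\\myname'


def hba_tokens(line):
    """Split one pg_hba.conf line into fields.

    Simplified model of the server's tokenizer (an assumption of this example):
    whitespace separates fields, a double quote toggles quoting and is dropped,
    and a backslash is an ordinary character, so "uid=DOMAIN\\" keeps its backslash.
    """
    tokens, current, in_quote = [], [], False
    for ch in line:
        if ch == '"':
            in_quote = not in_quote
        elif ch.isspace() and not in_quote:
            if current:
                tokens.append(''.join(current))
                current = []
        else:
            current.append(ch)
    if current:
        tokens.append(''.join(current))
    return tokens


def ldap_options(line):
    """Return the name=value options that follow the five fixed fields
    (type, database, user, address, method)."""
    options = {}
    for token in hba_tokens(line)[5:]:
        name, _, value = token.partition('=')
        options[name] = value
    return options


def simple_bind_name(options, db_user):
    """The bind name PostgreSQL builds in simple-bind mode: prefix and suffix
    are wrapped around the database user name with nothing added in between."""
    return options.get('ldapprefix', '') + db_user + options.get('ldapsuffix', '')


if __name__ == '__main__':
    opts = ldap_options(PG_HBA_LINE)
    print('server  :', opts['ldapserver'], 'port', opts['ldapport'])
    print('postgres:', simple_bind_name(opts, 'myname'))
    print('script  :', SCRIPT_BIND_USER)
```

With the options as written, nothing separates the uid RDN from the ou component in the result; the manual's simple-bind examples put the comma at the start of ldapsuffix. The script, by contrast, sends no DN at all but the NT-style logon name DOMAIN\myname, which is not what the server is configured to send.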

0 Answers