Pierre Ochsenbein wrote: > I'm running on PostgreSQL 10.6 and would like to connect with LDAP users. > I have sync all users from my group in my database. > I can connect when I use auth "trust" in pg_hba but I would like to connect remotely with AD password and I have this error: > SSL is ON in postgresql.conf > > FATAL: LDAP authentication failed for user "userA" FATAL: no pg_hba.conf entry for host "10.1.1.181", user "userA", database "DB01", SSL off > > pg_hba.conf: > > hostssl all all 10.1.1.18/32 ldap ldapurl="ldap://ldap.local/OU=ASA,OU=Forest%20Admin%20Accounts%20%26%20Roles,DC=ASATL,DC=NET?sAMAccountName?sub"; ldaptls=1 ldapbinddn="CN=POSTGRES,OU=Service Accounts,OU=Global,OU=Member Servers,DC=PMINTL,DC=NET" ldapbindpasswd='password001' Apart from the difference in the IP address (which you say was a typo) your pg_hba.conf line starts with "hostssl", which means that it only applies to SSL connections. But your error message suggests that the connection attempt was made without SSL encryption. Thic could be an artifact if the client tries both SSL and non-SSL connections, in which case I would force SSL on the client side to get the proper error. Also, I'd look into the PostgreSQL server log file. Yours, Laurenz Albe -- Cybertec | https://www.cybertec-postgresql.com
