Hello community,
I'm using postgreSQL with docker image, most of them are postgres 14+Postgis
We have to use LDAP in our AD environment, Users could use Kerberos but service accounts used by Apps can't.
The problem that I'm facing is our different users are in different OUs, let's say we have two different OUs both at the root path of our AD
AdminOU and UserOU
Here my first working setup:
host all +ldap_roles 192.168.0.0/16 ldap ldapurl="ldap://ldap.service:636/ou=AdminOU,dc=domain,dc=org?sAMAccountName?sub" ldapbinddn="cn=postgres_bind,ou=level1,ou=level2,dc=domain,dc=org"
ldapbindpasswd="password"
So all admin users can be 'seen' by postgres, auth is working well.
If I remove the AdminOU : ldapurl="ldap://ldap.service:636/dc=domain,dc=org?sAMAccountName?sub"
Then I got a LdapBind error:
DETAIL: LDAP diagnostics: 000004DC: LdapErr: DSID-0C0907E9, comment: In order to perform this operation a successful bind must be completed on the connection., data 0
, v2580
, v2580
After multiple try and error I got something that is working, but for me it does have sense why it failed previously.. I had to :
- Change the ldap port, to use the Global Catalog LDAP SSL 3269
- To change the bind user syntax, and use user@domain
I tried All these options separately and only this combination is working
host all +ldap_roles 192.168.0.0/16 ldap ldapurl="ldap://ldap.service:3269/dc=domain,dc=org?sAMAccountName?sub" ldapbinddn="postgres_bind@domain.org" ldapbindpasswd="password"
Cheers,
Sylvain
|
|
