BUG #16064: Ldap Authentication failing with pg_hba.conf entry

Greetings,

* PG Bug reporting form (noreply@postgresql.org) wrote:

Can any one please guide me what is the issue with my ldap authentication on
Postgresql 10.10. Here is the Entry for ldap in pg_hba.conf file

host all all XX.XX.XXX.XX/32 ldap
ldapserver=XX.XX.XXX.XX ldapbasedn="ou=People,dc=internal,dc=com"
ldapbinddn="cn=Tom,ou=People,dc=internal,dc=com" ldapbindpasswd="Test123#"
ldapport=389

I created the same user "Tom" in the Postgres database too . Also created
the User "Tom" other user "svc-ldap" in active directory too.

When I am trying to connect to PostgreSQL server from other remote server,
the authentication is failing with

psql: FATAL: no pg_hba.conf entry for host "XXX.XX.XXX.XXX", user "Tom",
database "Tom", SSL off

Unfortunately, you haven't provided what the specific IP addresses are,
but it looks like perhaps they don't match...? Note that when you
specify a '/32', the IP address in the pg_hba.conf must match EXACTLY
the IP address that the connection attempt is coming from.

All that said, you mention that you're using Active Directory, which
itself actually uses Kerberos for authentication- not LDAP, and
PostgreSQL directly supports Kerberos authentication through GSSAPI. I
strongly encourage you to look into use GSSAPI instead, it's much more
secure than using LDAP-based auth and avoids the user's password being
sent to the PostgreSQL server (where it could be compromised if the PG
process is compromised).

Thanks,

Stephen

On Thu, Oct 17, 2019 at 1:59 PM PG Bug reporting form <
noreply@postgresql.org> wrote:

The following bug has been logged on the website:

Bug reference: 16064
Logged by: Yudhveer Kandukuri
Email address: k.yudhveer@gmail.com
PostgreSQL version: 10.10
Operating system: Ubuntu 18.04
Description:

Can any one please guide me what is the issue with my ldap authentication
on
Postgresql 10.10. Here is the Entry for ldap in pg_hba.conf file

host all all XX.XX.XXX.XX/32 ldap
ldapserver=XX.XX.XXX.XX ldapbasedn="ou=People,dc=internal,dc=com"
ldapbinddn="cn=Tom,ou=People,dc=internal,dc=com" ldapbindpasswd="Test123#"
ldapport=389

I created the same user "Tom" in the Postgres database too . Also created
the User "Tom" other user "svc-ldap" in active directory too.

When I am trying to connect to PostgreSQL server from other remote server,
the authentication is failing with

psql: FATAL: no pg_hba.conf entry for host "XXX.XX.XXX.XXX", user "Tom",
database "Tom", SSL off

Just by counting the placeholders, we know that XX.XX.XXX.XX cannot be the
same thing as XXX.XX.XXX.XXX.

Cheers,

Jeff

Hi all,

Here are the full details
host all all 10.10.117.43/32 ldap
ldapserver=10.10.117.43 ldapbasedn="ou=People,dc=internal,dc=com"
ldapbinddn="cn=Tom,ou=People,dc=internal,dc=com" ldapbindpasswd="Test123#"
ldapport=389

Thanks and regards
Yudhveer Kandukuri

On Thu, Oct 17, 2019 at 4:16 PM Jeff Janes <jeff.janes@gmail.com> wrote: