Hi All, We are using the following format for LDAP authentication,
host all all 0.0.0.0/0 ldap ldapserver=ldap.xxx.com ldapport=389 ldaptls=1 ldapbasedn="dc=domain,dc=com" ldapbinddn="cn=auth_user,dc=domain,dc=com" ldapbindpasswd=encrypted_password ldapsearchattribute=uid 1. It successfully retrieved user information when we do ldapsearch "ldapsearch -H "ldaps://ldap.xxxx.com" -W -D "cn=auth_user,ou=people,dc=domain,dc=com" -b "dc=domain,dc=com" "uid=ldap_user" 2. Same LDAP server is authenticating while ssh / sudo successfully. But issue is while connecting DB -bash-4.1$ psql -h dbhost.domain.com -Atc "select 'success'" -Uldap_user postgres Password for user ldap_user: psql: FATAL: LDAP authentication failed for user "ldap_user" -bash-4.1$ Is there any way to validate ldap_user password using ldapsearch ? Or is there any specific format in pg_hba.conf to configure LDAP. Regards, Raj On Wed, Jun 5, 2019 at 4:56 PM Perumal Raj <peruci...@gmail.com> wrote: > Thanks Steve for the response, Yes we had DNS server change. > But conf file updated with right DNS server and its resolving when i > crosscheck with nslookup against clinet_addr > > By the way , What is the right syntax for LDAP configuration , > > I am using the one below, and getting LDAP authentication error though i > was able to login to server with same password. > > host all all 0.0.0.0/0 ldap ldapserver=ldap.xxx.com > ldapport=389 ldaptls=1 ldapbasedn="dc=domain,dc=com" > ldapbinddn="cn=auth_user,dc=domain,dc=com" > ldapbindpasswd=encrypted_password ldapsearchattribute=uid > > Version :9..2 > > Regards, > Raju > > > On Wed, Jun 5, 2019 at 11:08 AM Steve Crawford < > scrawf...@pinpointresearch.com> wrote: > >> On Wed, Jun 5, 2019 at 10:13 AM Perumal Raj <peruci...@gmail.com> wrote: >> >>> Hi All, >>> >>> We have recently noticed in our development environment pg_log with >>> flooded message. >>> >>> [64459]: [1-1] user=[unknown],db=[unknown],host= WARNING: >>> pg_getnameinfo_all() failed: Temporary failure in name resolution... >>> >> >> First thing I'd check is that DNS is functioning correctly (including >> local resolution settings or caching name resolvers). >> >> Cheers, >> Steve >> >> >
