From: "Subramanian,Ramachandran"
To: "pgsql-novice@lists.postgresql.org"
Subject: A vexing problem with LDAP
Date: Fri, 13 Mar 2026 06:57:29 +0000

Hello,

we have been struggling with this problem for a while now and I would be extremely grateful for your kind help.

We have a USERID (VALID-USER) who exists in the LDAP Group G_APP_Postgres_Users.

I can see his entry when I execute the command Get-ADGroupMember "G_APP_Postgres_Users" | more

PS H:\>

I can also see his details as shown below.

PS H:\> Get-ADUser -LDAPFilter "(&(objectClass=user)(sAMAccountName=VALID-USER)(memberOf=CN=G_APP_Postgres_Users,OU=Anwendungen,OU=Gruppen,OU=Identity,DC=my-Konzern,DC=de))"

DistinguishedName : CN=VALID-USER,OU=Konten,OU=EWT,OU=PostgreSQL,OU=Ressourcen,DC=my-Konzern,DC=de
Enabled           : True
GivenName         : REWT-PostgreSQL
Name              : VALID-USER
ObjectClass       : user
ObjectGUID        : 5a45f8e9-f13b-4ff2-9815-ec85bd0aeb7c
SamAccountName    : VALID-USER
SID               : S-1-5-21-4249930229-1474557206-4077294858-125360
Surname           : Rochade-Konfig
UserPrincipalName : VALID-USER@my-konzern.de

However, when he tries to connect to postgres we see this error message.

Postgres-Log

LOG:  LDAP user "VALID-USER" does not exist
FATAL:  LDAP authentication failed for user "VALID-USER"

PG_HBA.CONF entry is shown below.

pg_hba.conf

host   all   all   0.0.0.0/0   ldap ldapserver=ldap.my-konzern.de ldapport=389 ldapbinddn="CN=Postgres-LDAP,OU=Konten,OU=PROD,OU=PostgreSQL,OU=Ressourcen,DC=my-konzern,DC=de" ldapbindpasswd="dF3@3#s$P1" ldapbasedn="OU=Postgres,OU=Ressourcen,DC=my-konzern,DC=de" ldapscheme=ldap ldapsearchfilter="(&(objectClass=user)( sAMAccountName=%u)(memberOf=CN=G_APP_Postgres_Users,OU=Anwendungen,OU=Gruppen,OU=Identity,DC=my-konzern,DC=de))"

What could be the source of this error?

How to debug this problem step by step to see where exactly the chain is disconnected?

Thank you for your time in advance.

Regards,
Ram

Kind regards
on behalf of Ramachandran Subramanian
Central Division, Information Technology
Alte Leipziger Lebensversicherung a.G.
Hallesche Krankenversicherung a.G.

= Pflichtangaben der A= LH Gruppe gem=E4=DF =A7 35a GmbHG bzw. =A7 80 AktG --_000_f1741c9e262d4bc8ad285ec7d82bf62ealteleipzigerde_--