public inbox for pgsql-novice@postgresql.org
* A vexing problem with LDAP
@ 2026-03-13 06:57 Subramanian,Ramachandran <ramachandran.subramanian@alte-leipziger.de>
2026-03-13 07:04 ` Re: A vexing problem with LDAP Laurenz Albe <laurenz.albe@cybertec.at>
0 siblings, 1 reply; 2+ messages in thread
From: Subramanian,Ramachandran @ 2026-03-13 06:57 UTC (permalink / raw)
To: pgsql-novice@lists.postgresql.org <pgsql-novice@lists.postgresql.org>
Hello,
We have been struggling with this problem for a while now and I would be extremely grateful for your kind help.
We have a USERID (VALID-USER) who exists in the LDAP Group G_APP_Postgres_Users.
I can see his entry when I execute the command Get-ADGroupMember "G_APP_Postgres_Users" | more
PS H:\>
I can also see his details as shown below.
PS H:\> Get-ADUser -LDAPFilter "(&(objectClass=user)(sAMAccountName=VALID-USER)(memberOf=CN=G_APP_Postgres_Users,OU=Anwendungen,OU=Gruppen,OU=Identity,DC=my-Konzern,DC=de))"
DistinguishedName : CN=VALID-USER,OU=Konten,OU=EWT,OU=PostgreSQL,OU=Ressourcen,DC=my-Konzern,DC=de
Enabled : True
GivenName : REWT-PostgreSQL
Name : VALID-USER
ObjectClass : user
ObjectGUID : 5a45f8e9-f13b-4ff2-9815-ec85bd0aeb7c
SamAccountName : VALID-USER
SID : S-1-5-21-4249930229-1474557206-4077294858-125360
Surname : Rochade-Konfig
UserPrincipalName : VALID-USER@my-konzern.de
However, when he tries to connect to postgres we see this error message.
Postgres-Log
LOG: LDAP user "VALID-USER" does not exist
FATAL: LDAP authentication failed for user "VALID-USER"
PG_HBA.CONF entry is shown below.
pg_hba.conf
host all all 0.0.0.0/0 ldap ldapserver=ldap.my-konzern.de ldapport=389 ldapbinddn="CN=Postgres-LDAP,OU=Konten,OU=PROD,OU=PostgreSQL,OU=Ressourcen,DC=my-konzern,DC=de" ldapbindpasswd="dF3@3#s$P1" ldapbasedn="OU=Postgres,OU=Ressourcen,DC=my-konzern,DC=de" ldapscheme=ldap ldapsearchfilter="(&(objectClass=user)( sAMAccountName=%u)(memberOf=CN=G_APP_Postgres_Users,OU=Anwendungen,OU=Gruppen,OU=Identity,DC=my-konzern,DC=de))"
What could be the source of this error?
How to debug this problem step by step to see where exactly the chain is disconnected?
Thank you for your time in advance.
Kind regards,
Ram
* Re: A vexing problem with LDAP
2026-03-13 06:57 A vexing problem with LDAP Subramanian,Ramachandran <ramachandran.subramanian@alte-leipziger.de>
@ 2026-03-13 07:04 ` Laurenz Albe <laurenz.albe@cybertec.at>
0 siblings, 0 replies; 2+ messages in thread
From: Laurenz Albe @ 2026-03-13 07:04 UTC (permalink / raw)
To: Subramanian,Ramachandran <ramachandran.subramanian@alte-leipziger.de>; pgsql-novice@lists.postgresql.org <pgsql-novice@lists.postgresql.org>
On Fri, 2026-03-13 at 06:57 +0000, Subramanian,Ramachandran wrote:
> We have a USERID (VALID-USER) who exists in the LDAP Group G_APP_Postgres_Users.
>
> PS H:\> Get-ADUser -LDAPFilter "(&(objectClass=user)(sAMAccountName=VALID-USER)(memberOf=CN=G_APP_Postgres_Users,OU=Anwendungen,OU=Gruppen,OU=Identity,DC=my-Konzern,DC=de))"
>
> DistinguishedName : CN=VALID-USER,OU=Konten,OU=EWT,OU=PostgreSQL,OU=Ressourcen,DC=my-Konzern,DC=de
> Enabled : True
> GivenName : REWT-PostgreSQL
> Name : VALID-USER
> ObjectClass : user
> ObjectGUID : 5a45f8e9-f13b-4ff2-9815-ec85bd0aeb7c
> SamAccountName : VALID-USER
> SID : S-1-5-21-4249930229-1474557206-4077294858-125360
> Surname : Rochade-Konfig
> UserPrincipalName : VALID-USER@my-konzern.de
>
> However, when he tries to connect to postgres we see this error message.
>
> Postgres-Log
> LOG: LDAP user "VALID-USER" does not exist
> FATAL: LDAP authentication failed for user "VALID-USER"
>
> PG_HBA.CONF entry is shown below.
>
> pg_hba.conf
> host all all 0.0.0.0/0 ldap ldapserver=ldap.my-konzern.de ldapport=389 ldapbinddn="CN=Postgres-LDAP,OU=Konten,OU=PROD,OU=PostgreSQL,OU=Ressourcen,DC=my-konzern,DC=de" ldapbindpasswd="dF3@3#s$P1" ldapbasedn="OU=Postgres,OU=Ressourcen,DC=my-konzern,DC=de" ldapscheme=ldap ldapsearchfilter="(&(objectClass=user)( sAMAccountName=%u)(memberOf=CN=G_APP_Postgres_Users,OU=Anwendungen,OU=Gruppen,OU=Identity,DC=my-konzern,DC=de))"
>
> What could be the source of this error?
I'd say that because PostgreSQL <> Postgres, you won't find user
"CN=VALID-USER,OU=Konten,OU=EWT,OU=PostgreSQL,OU=Ressourcen,DC=my-Konzern,DC=de"
under the base distinguished name "OU=Postgres,OU=Ressourcen,DC=my-konzern,DC=de".
Try with ldapbasedn="OU=PostgreSQL,OU=Ressourcen,DC=my-Konzern,DC=de".
> How to debug this problem step by step to see where exactly the chain is disconnected?
Copy and paste is your friend, it avoids typos.
Yours,
Laurenz Albe
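
An offline pre-check for the "where is the chain disconnected" question, added here as an example (it is not code from either poster or from PostgreSQL): it parses the pg_hba.conf line from the thread, with the bind password replaced by a placeholder, and tests whether the user's DN lies in the subtree under ldapbasedn, which is where PostgreSQL searches. The function names are this example's own, and the `encrypted` check encodes the fact that LDAP traffic is protected only with ldapscheme=ldaps or ldaptls=1.

```python
import re

# Constructed sample: the pg_hba.conf line from the thread, bind password replaced by a placeholder.
HBA_LINE = (
    'host all all 0.0.0.0/0 ldap ldapserver=ldap.my-konzern.de ldapport=389 '
    'ldapbinddn="CN=Postgres-LDAP,OU=Konten,OU=PROD,OU=PostgreSQL,OU=Ressourcen,DC=my-konzern,DC=de" '
    'ldapbindpasswd="PLACEHOLDER" '
    'ldapbasedn="OU=Postgres,OU=Ressourcen,DC=my-konzern,DC=de" ldapscheme=ldap '
    'ldapsearchfilter="(&(objectClass=user)( sAMAccountName=%u)'
    '(memberOf=CN=G_APP_Postgres_Users,OU=Anwendungen,OU=Gruppen,OU=Identity,DC=my-konzern,DC=de))"'
)
USER_DN = "CN=VALID-USER,OU=Konten,OU=EWT,OU=PostgreSQL,OU=Ressourcen,DC=my-Konzern,DC=de"

def hba_options(line):
    """Return the key=value options of one pg_hba.conf line (values may be double-quoted)."""
    return {k: q if q else b for k, q, b in re.findall(r'(\w+)=(?:"([^"]*)"|(\S+))', line)}

def rdns(dn):
    """Split a DN on unescaped commas and normalise case (AD compares DNs case-insensitively)."""
    return [p.strip().lower() for p in re.split(r'(?<!\\),', dn)]

def under_base(entry_dn, base_dn):
    """True if entry_dn lies in the subtree rooted at base_dn."""
    e, b = rdns(entry_dn), rdns(base_dn)
    return len(e) >= len(b) and e[-len(b):] == b

def encrypted(opts):
    """True only when the PostgreSQL-to-LDAP connection uses LDAPS or StartTLS."""
    return opts.get("ldapscheme") == "ldaps" or opts.get("ldaptls") == "1"

def diagnose(line, user, user_dn):
    """Report the search base, the filter with %u expanded, and the two checks above."""
    opts = hba_options(line)
    return {
        "search_base": opts["ldapbasedn"],
        "filter": opts["ldapsearchfilter"].replace("%u", user),
        "user_under_base": under_base(user_dn, opts["ldapbasedn"]),
        "encrypted": encrypted(opts),
    }

if __name__ == "__main__":
    for key, value in diagnose(HBA_LINE, "VALID-USER", USER_DN).items():
        print(f"{key}: {value}")
```

The reported search base and expanded filter are the values to paste into a directory query run as the bind account, so the lookup PostgreSQL performs can be reproduced exactly.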