Postgres LDAP authentication

I am trying to set up LDAP authentication with Postgres. I have a user in my database with the same name as in AD and the following line in pg_hba.conf:

host all myusername 0.0.0.0/0 ldap ldapserver=ldap.server.address ldapport=10636 ldapprefix="" ldapsuffix="@domain.com" ldapscheme=ldaps

The LDAP server is accessible from the Postgres server. The LDAP service is up and listening on port 10636, and I can log in with this username/password to other services integrated with AD.

But when I connect to the database I get the error:

user is not authenticated (LDAP)

What am I doing wrong?



Solution 1:

I was thinking about where to leave a note on how to configure LDAP in PostgreSQL.

This is a great place! :)

Attention: the ldap method does not have a map property, so you cannot make comparisons through the pg_ident.conf file. You need to configure authentication in the pg_hba.conf file like this:

# TYPE  DATABASE    USER    ADDRESS     METHOD
host    all         all     0.0.0.0/0   ldap    ldapserver=mydomain.local ldapport=389 ldaptls=1 ldapprefix=""

or

# TYPE  DATABASE    USER    ADDRESS     METHOD
# ldapscheme=ldaps (PostgreSQL 11+) is needed on the LDAPS port: without it the server speaks plain LDAP to port 636 and the bind fails
host    all         all     0.0.0.0/0   ldap    ldapserver=mydomain.local ldapport=636 ldapscheme=ldaps ldapprefix=""

Users need to be created with an exact match of the UPN name!

CREATE ROLE "[email protected]" WITH SUPERUSER LOGIN;

When connecting, use the full UPN name format!

psql -h 127.0.0.1 -U "[email protected]" -W postgres
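The answer above and the question both hinge on two things PostgreSQL does in simple-bind mode: it builds the bind identity as ldapprefix + database user name + ldapsuffix, and it only talks LDAPS when ldapscheme=ldaps is set. The following script is an added example (not code from the question, the answer or PostgreSQL itself) that parses pg_hba.conf ldap lines offline, shows exactly which identity the server would bind as for a given role name, and flags the option combinations that commonly end in "user is not authenticated (LDAP)": the LDAPS port without ldapscheme=ldaps, StartTLS stacked on LDAPS, clear-text simple bind, simple-bind options mixed with search+bind options, and a role name that already carries the suffix. The lint rules are taken from the documented pg_hba.conf ldap options; the assumed library default ports (389/636) and the sample lines at the bottom (copied from the question and answer) are the only inputs.

```python
"""Offline lint for pg_hba.conf 'ldap' entries (added example, not from the page)."""
import shlex
from dataclasses import dataclass, field

# Options that select search+bind mode; PostgreSQL rejects them together with ldapprefix/ldapsuffix.
SEARCH_BIND_OPTS = {"ldapbasedn", "ldapbinddn", "ldapbindpasswd",
                    "ldapsearchattribute", "ldapsearchfilter", "ldapurl"}


@dataclass
class HbaEntry:
    conn_type: str
    database: str
    user: str
    address: str
    method: str
    options: dict = field(default_factory=dict)


def parse_hba_line(line):
    """Parse one pg_hba.conf line; returns None for blank or comment lines.
    shlex strips the double quotes PostgreSQL allows around option values,
    so ldapsuffix="@domain.com" yields the value '@domain.com'."""
    tokens = shlex.split(line, comments=True)
    if not tokens:
        return None
    if len(tokens) < 5:
        raise ValueError("expected TYPE DATABASE USER ADDRESS METHOD [OPTIONS]")
    entry = HbaEntry(*tokens[:5])
    for tok in tokens[5:]:
        key, sep, val = tok.partition("=")
        if not sep:
            raise ValueError(f"option without '=': {tok}")
        entry.options[key] = val
    return entry


def bind_identity(entry, db_user):
    """Simple-bind mode: PostgreSQL binds as ldapprefix + db_user + ldapsuffix.
    db_user is the *database* role name, so with an empty prefix and suffix
    the role must be spelled exactly like the UPN."""
    o = entry.options
    return o.get("ldapprefix", "") + db_user + o.get("ldapsuffix", "")


def lint(entry, db_user=None):
    """Return a list of human-readable problems for one ldap entry."""
    problems = []
    if entry.method != "ldap":
        return problems
    o = entry.options
    opts = set(o)
    if "ldapserver" not in opts and "ldapurl" not in opts:
        problems.append("ldapserver (or ldapurl) is required")
    scheme = o.get("ldapscheme", "ldap")
    # Assumed library defaults when ldapport is absent: 389 for ldap, 636 for ldaps.
    port = int(o.get("ldapport", "636" if scheme == "ldaps" else "389"))
    if port == 636 and scheme != "ldaps":
        problems.append("port 636 is the LDAPS port but ldapscheme defaults to "
                        "ldap; add ldapscheme=ldaps (PostgreSQL 11+)")
    if scheme == "ldaps" and o.get("ldaptls") == "1":
        problems.append("ldaptls=1 (StartTLS) on an ldaps connection is "
                        "redundant and normally fails")
    if scheme == "ldap" and o.get("ldaptls") != "1":
        problems.append("credentials would cross the network in clear text: "
                        "set ldaptls=1 or ldapscheme=ldaps")
    if ({"ldapprefix", "ldapsuffix"} & opts) and (SEARCH_BIND_OPTS & opts):
        problems.append("ldapprefix/ldapsuffix cannot be combined with "
                        "search+bind options")
    if {"ldapsearchattribute", "ldapsearchfilter"} <= opts:
        problems.append("ldapsearchattribute and ldapsearchfilter are "
                        "mutually exclusive")
    if db_user is not None and "ldapsuffix" in opts and "@" in db_user:
        problems.append(f"role {db_user!r} already contains '@'; ldapsuffix "
                        f"would bind as {bind_identity(entry, db_user)!r}")
    return problems


# Sample lines copied from the question and the answer above.
SAMPLE_LINES = [
    'host all myusername 0.0.0.0/0 ldap ldapserver=ldap.server.address ldapport=10636 '
    'ldapprefix="" ldapsuffix="@domain.com" ldapscheme=ldaps',
    'host all all 0.0.0.0/0 ldap ldapserver=mydomain.local ldapport=389 ldaptls=1 ldapprefix=""',
    'host all all 0.0.0.0/0 ldap ldapserver=mydomain.local ldapport=636 ldapprefix=""',
]


def lint_all(lines, db_user):
    """Map each non-comment line to (bind identity, problems) for a quick report."""
    report = {}
    for line in lines:
        entry = parse_hba_line(line)
        if entry is not None:
            report[line] = (bind_identity(entry, db_user), lint(entry, db_user))
    return report


if __name__ == "__main__":
    for line, (ident, problems) in lint_all(SAMPLE_LINES, "myusername").items():
        print(line)
        print("  binds as:", ident)
        for p in problems:
            print("  -", p)
```

For the question's own line the script reports no option problems and a bind identity of myusername@domain.com, which is what to test directly against the directory (for example with ldapwhoami against ldaps://ldap.server.address:10636) before looking further at Postgres; a failure there is a directory or identity problem, not a pg_hba.conf one. Note that the role only needs LOGIN for LDAP authentication to succeed; the SUPERUSER in the answer's CREATE ROLE is not required for it and is worth leaving out for an externally authenticated account.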

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
