LDAP setup: No explicit matching ClientAuthentication entry found

- Trying to set up LDAP on Vertica 7.1.0.
- After several trials of setting up the parameters (i.e.):
ALTER AUTHENTICATION ldapaccess SET HOST='ldap://......',basedn='.....',search_attribute='sAMAccountName',binddn='.......',bind_password='......' ; 

GRANT AUTHENTICATION ldapaccess TO 'username.lastname';


Each time we try to log in after using:
$ vsql -U username.lastname -W

we always see in the logs:

2014-10-03 14:46:42.444 Init Session:0x7fe2e4010e10 <LOG> @v_pdw_node0001: 00000/2705: Connection received: host=::1 port=52270 (connCnt 1)

2014-10-03 14:46:42.444 Init Session:0x7fe2e4010e10 <LOG> @v_pdw_node0001: 00000/4540: Received SSL negotiation startup packet

2014-10-03 14:46:42.444 Init Session:0x7fe2e4010e10 <LOG> @v_pdw_node0001: 00000/4691: Sending SSL negotiation response 'N'

2014-10-03 14:46:42.444 Init Session:0x7fe2e4010e10 <LOG> @v_pdw_node0001: 00000/4081: No explicit matching ClientAuthentication entry found for user "username.lastname"; rejecting connection

2014-10-03 14:46:42.445 Init Session:0x7fe2e4010e10 <FATAL> @v_pdw_node0001: {SessionRun} 28000/2248: Authentication failed for username "username.lastname"
        LOCATION:  auth_failed, /scratch_a/release/vbuild/vertica/Basics/ClientAuthentication.cpp:956
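
The log sequence above can be triaged by grouping entries per session id, which shows the connection source and user behind each 4081 "No explicit matching ClientAuthentication entry" rejection. This Python sketch is an added example, not part of the original thread or of Vertica's tooling; the last three sample log lines and the function names are constructed for illustration.

```python
import re

# First six lines are the entries quoted in the post; the last three are constructed.
SAMPLE_LOG = """\
2014-10-03 14:46:42.444 Init Session:0x7fe2e4010e10 <LOG> @v_pdw_node0001: 00000/2705: Connection received: host=::1 port=52270 (connCnt 1)
2014-10-03 14:46:42.444 Init Session:0x7fe2e4010e10 <LOG> @v_pdw_node0001: 00000/4540: Received SSL negotiation startup packet
2014-10-03 14:46:42.444 Init Session:0x7fe2e4010e10 <LOG> @v_pdw_node0001: 00000/4691: Sending SSL negotiation response 'N'
2014-10-03 14:46:42.444 Init Session:0x7fe2e4010e10 <LOG> @v_pdw_node0001: 00000/4081: No explicit matching ClientAuthentication entry found for user "username.lastname"; rejecting connection
2014-10-03 14:46:42.445 Init Session:0x7fe2e4010e10 <FATAL> @v_pdw_node0001: {SessionRun} 28000/2248: Authentication failed for username "username.lastname"
        LOCATION:  auth_failed, /scratch_a/release/vbuild/vertica/Basics/ClientAuthentication.cpp:956
2014-10-03 14:47:10.101 Init Session:0x7fe2e4010e20 <LOG> @v_pdw_node0001: 00000/2705: Connection received: host=192.0.2.15 port=40112 (connCnt 1)
2014-10-03 14:47:10.102 Init Session:0x7fe2e4010e20 <LOG> @v_pdw_node0001: 00000/4081: No explicit matching ClientAuthentication entry found for user "app.reader"; rejecting connection
2014-10-03 14:47:30.000 Init Session:0x7fe2e4010e30 <LOG> @v_pdw_node0001: 00000/2705: Connection received: host=192.0.2.16 port=40500 (connCnt 1)
"""

LINE_RE = re.compile(
    r"^\S+ \S+ Init Session:(?P<sid>0x[0-9a-fA-F]+) <(?P<level>\w+)> "
    r"@(?P<node>\S+): (?:\{\w+\} )?(?P<code>\w+/\d+): (?P<msg>.*)$")
# Message-specific extractors, paired with the field names they fill in.
EVENTS = [
    (re.compile(r"Connection received: host=(\S+) port=(\d+)"), ("host", "port")),
    (re.compile(r"Sending SSL negotiation response '(.)'"), ("ssl_response",)),
    (re.compile(r'No explicit matching ClientAuthentication entry found for user "([^"]+)"'), ("no_match_user",)),
    (re.compile(r'Authentication failed for username "([^"]+)"'), ("failed_user",)),
]

def summarize(log_text):
    """Group log entries by session id and collect connection/auth fields."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:  # continuation lines such as LOCATION: are skipped
            continue
        fields = sessions.setdefault(m["sid"], {"node": m["node"]})
        for pattern, names in EVENTS:
            hit = pattern.match(m["msg"])
            if hit:
                fields.update(zip(names, hit.groups()))
    return sessions

def unmatched_auth(log_text):
    """Sessions rejected because no authentication record matched (message 4081)."""
    return [(sid, f["no_match_user"], f.get("host"), f.get("ssl_response"))
            for sid, f in summarize(log_text).items() if "no_match_user" in f]

if __name__ == "__main__":
    for row in unmatched_auth(SAMPLE_LOG):
        print(row)
```

Each reported row gives the session id, the rejected user, the connection source, and the SSL negotiation response, which are the values to compare against the authentication records granted to that user.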


  • Hi,

    If you are setting up LDAP in Vertica 7.0, there is an additional configuration file which needs to be created and updated.

    In Vertica 7.0, we introduced some new security features, which in turn introduced some new configuration files. Please review the documentation page below; it will walk you through setting up an additional config file, ldap.conf, in which we will state that we will never want starttls connections:


    The only entry we need to add to the file is:

    TLS_REQCERT allow



  • Hi There,

    Thank you for your reply. We were able to get it working with the help of Vertica Rep.
    What we had to change was, instead of
    $ vsql -U firstname.lastname -W

    $ vsql -h hostname -U firstname.lastname

    We didn't have to edit anything outside the db (catalog); our steps were:

    dbadmin=> CREATE AUTHENTICATION ldapaccess METHOD 'ldap' HOST '';
    dbadmin=> GRANT AUTHENTICATION ldapaccess TO "firstname.lastname";
    GRANT AUTHENTICATION
    dbadmin=> ALTER AUTHENTICATION ldapaccess SET HOST='ldap://host',basedn='ou=...,ou=...,dc=...,dc=com',search_attribute='...',binddn='CN=...,OU=Users,OU=...,DC=...,DC=com',bind_password='...';
    ALTER AUTHENTICATION

  • Hi,

    I am glad that Vertica Rep helped you out to get it resolved.

    Have a nice day!


