ldap setup: No explicit matching ClientAuthentication entry found
- Trying to set up LDAP on Vertica 7.1.0
- After several trials of setting up the parameters (i.e.):
CREATE AUTHENTICATION ldapaccess METHOD 'ldap' HOST '0.0.0.0';
ALTER AUTHENTICATION ldapaccess SET HOST='ldap://......',basedn='.....',search_attribute='sAMAccountName',binddn='.......',bind_password='......' ;
GRANT AUTHENTICATION ldapaccess TO 'username.lastname';
-------------------------------
each time we try to log in after using:
$ vsql -U username.lastname -W
we always see in the logs:
2014-10-03 14:46:42.444 Init Session:0x7fe2e4010e10 <LOG> @v_pdw_node0001: 00000/2705: Connection received: host=::1 port=52270 (connCnt 1)
2014-10-03 14:46:42.444 Init Session:0x7fe2e4010e10 <LOG> @v_pdw_node0001: 00000/4540: Received SSL negotiation startup packet
2014-10-03 14:46:42.444 Init Session:0x7fe2e4010e10 <LOG> @v_pdw_node0001: 00000/4691: Sending SSL negotiation response 'N'
2014-10-03 14:46:42.444 Init Session:0x7fe2e4010e10 <LOG> @v_pdw_node0001: 00000/4081: No explicit matching ClientAuthentication entry found for user "username.lastname"; rejecting connection
2014-10-03 14:46:42.445 Init Session:0x7fe2e4010e10 <FATAL> @v_pdw_node0001: {SessionRun} 28000/2248: Authentication failed for username "username.lastname"
LOCATION: auth_failed, /scratch_a/release/vbuild/vertica/Basics/ClientAuthentication.cpp:956
Comments
If you are setting up LDAP in Vertica 7.0, there is an additional configuration file which needs to be created and updated.
In Vertica 7.0, we introduced some new security features which in turn introduced some new configuration files. Please review the documentation page below; it will walk you through setting up an additional config file, ldap.conf, in which we will state that we will never want starttls connections:
https://my.vertica.com/docs/7.0.x/HTML/index.htm#Authoring/InstallationGuide/InstallingVertica/Using...
The only entry we need to add to the file is:
TLS_REQCERT allow
Regards
Bhawana
Thank you for your reply. We were able to get it working with the help of Vertica Rep.
What we had to change was, instead of
$ vsql -U firstname.lastname -W
we used
$ vsql -h hostname -U firstname.lastname
We didn't have to edit anything outside the db (catalog); our steps were:
dbadmin=> CREATE AUTHENTICATION ldapaccess METHOD 'ldap' HOST '0.0.0.0/0';
CREATE AUTHENTICATION
I am glad that Vertica Rep helped you out to get it resolved.
Have a nice day!
Regards
Bhawana
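
An added diagnostic sketch, not part of any post in this thread and not Vertica code: it pulls the client address for each session rejected with message 4081 out of the log and checks which of the HOST values tried in the thread would cover that address. It assumes HOST values are compared to the client address as CIDR networks; the function names and the 10.0.0.5 session are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the first session is taken from the log in the question,
# the second (client 10.0.0.5) is made up for contrast.
SAMPLE_LOG = """\
2014-10-03 14:46:42.444 Init Session:0x7fe2e4010e10 <LOG> @v_pdw_node0001: 00000/2705: Connection received: host=::1 port=52270 (connCnt 1)
2014-10-03 14:46:42.444 Init Session:0x7fe2e4010e10 <LOG> @v_pdw_node0001: 00000/4081: No explicit matching ClientAuthentication entry found for user "username.lastname"; rejecting connection
2014-10-03 14:47:10.101 Init Session:0x7fe2e4010e20 <LOG> @v_pdw_node0001: 00000/2705: Connection received: host=10.0.0.5 port=40112 (connCnt 1)
2014-10-03 14:47:10.102 Init Session:0x7fe2e4010e20 <LOG> @v_pdw_node0001: 00000/4081: No explicit matching ClientAuthentication entry found for user "username.lastname"; rejecting connection
"""

SESSION = re.compile(r"Session:(0x[0-9a-f]+)")
RECEIVED = re.compile(r"/2705: Connection received: host=(\S+) port=\d+")
REJECTED = re.compile(
    r'/4081: No explicit matching ClientAuthentication entry found for user "([^"]+)"'
)


def rejected_sessions(log_text):
    """Return [(user, client_address)] for sessions rejected with message 4081."""
    client_by_session, rejected = {}, []
    for line in log_text.splitlines():
        session = SESSION.search(line)
        if not session:
            continue
        sid = session.group(1)
        received = RECEIVED.search(line)
        if received:
            client_by_session[sid] = received.group(1)
        hit = REJECTED.search(line)
        if hit:
            rejected.append((hit.group(1), client_by_session.get(sid, "unknown")))
    return rejected


def covering_records(client, host_records):
    """Return the HOST values whose network contains the client address.

    Assumption: a bare address means a single host (/32 or /128). An IPv6
    client such as ::1 is never inside an IPv4 network, whatever its mask.
    """
    addr = ipaddress.ip_address(client)
    return [r for r in host_records
            if addr in ipaddress.ip_network(r, strict=False)]


if __name__ == "__main__":
    for user, client in rejected_sessions(SAMPLE_LOG):
        print(user, client, covering_records(client, ["0.0.0.0", "0.0.0.0/0"]))
```

Under that assumption, the `host=::1` client in the original log falls outside both `0.0.0.0` and `0.0.0.0/0`, while an IPv4 client is covered only by `0.0.0.0/0`.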