Getting “LDAP authentication failed” when connecting to Vertica via JDBC

I'm trying to connect to a Vertica 7.1.1 database using DBeaver. I've downloaded the 7.1.2 JDBC driver (I couldn't find a 7.1.1 driver available for download) and configured DBeaver to use it.

When I try to connect via DBeaver I get this:

```
SQLInvalidAuthorizationSpecException: [Vertica][VJDBC](3846)
FATAL: LDAP authentication failed for user "my_username"
```

If I try connecting with an invalid username, I get a different error message:

```
SQLInvalidAuthorizationSpecException: [Vertica][VJDBC](3781)
FATAL: Invalid username or password
```

This confirms that I am reaching Vertica fine, but something is going wrong when I try to authenticate with my correct username.

I am able to connect to Vertica from the same host via vsql without issue.

I came across this post, which suggested that a Vertica setting may be the issue. However, we already have TLS_REQCERT allow set, as that post recommended.

What could be the issue here? Why would vsql work, but DBeaver not work from the same host?

(FYI: I originally asked this question on Stack Exchange.)

Comments

  • SruthiA Administrator

    Hi,

    Can you check if user exists in all LDAP directories? Can you share the output of

    select * from client_auth;

    Sruthi

  • Hey Sruthi,

     

    Here is the output from that query. I redacted some information that appeared to be sensitive. Let me know if you need it.

     

    => select * from client_auth;
    auth_oid | auth_name | is_auth_enabled | auth_host_type | auth_host_address | auth_method | auth_parameters | auth_priority
    -------------------+------------+-----------------+----------------+-------------------+-------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------
    54043195528839980 | tldap | True | HOST | 0.0.0.0/0 | LDAP | host=ldap://REDACTED.ADDRESS/dc=,dc=;cn=;,ou= | 0
    54043195531012096 | ldap | True | HOSTSSL | 0.0.0.0/0 | LDAP | host=ldap://REDACTED.ADDRESS, starttls=hard, basedn=dc=na,dc=RDCTS,dc=net, binddn=CN=redactedvertica,OU=3 Batch Service Accounts,OU=Batch Service Accounts,OU=MFG_Applications,DC=na,DC=RDCTS,DC=net, bind_password=REDACTED_PASSWORD, search_attribute=sAMAccountName, tls_reqcert=allow, tls_cadir=/etc/pki/tls/certs | 0
    54043195531012100 | ldap_local | True | LOCAL | | LDAP | host=ldap://REDACTED.ADDRESS, starttls=hard, basedn=dc=na,dc=RDCTS,dc=net, binddn=CN=redactedvertica,OU=3 Batch Service Accounts,OU=Batch Service Accounts,OU=MFG_Applications,DC=na,DC=RDCTS,DC=net, bind_password=REDACTED_PASSWORD, search_attribute=sAMAccountName, tls_reqcert=allow, tls_cadir=/etc/pki/tls/certs | 1
    (3 rows)

     

    Does this information shed any light on the problem?

     

    > Can you check if user exists in all LDAP directories?

     

    How would I do this?

     

    Nick

  • Would you like me to open a formal support ticket (if that's possible)? I'm ready to take any extra steps to get to a resolution.

  • SruthiA Administrator

    Hi,

    Yes. I would suggest you open a formal support ticket. It would be much easier.

    Sruthi

  • Sruthi,

    I am working on getting our support account set up so I can open a formal support ticket.

    In the meantime, is there anything more you can suggest I do? Any revelations from the information I posted earlier?

  • SruthiA Administrator

    Hi,

    Can you check if user exists in Active LDAP Directory?

    Sruthi

  • Yes, the user exists. I checked by running the following command at the command prompt:

    ```
    ldapsearch -xLLL -H ldap://na.mmfg.net -D "my_user" -W -b "dc=na,dc=dc,dc=net" '(&(samAccountName=my_user))'
    ```
