Getting “LDAP authentication failed” when connecting to Vertica via JDBC

I'm trying to connect to a Vertica 7.1.1 database using DBeaver. I've downloaded the 7.1.2 JDBC driver (I couldn't find a 7.1.1 driver available for download) and configured DBeaver to use it.

When I try to connect via DBeaver I get this:

```
SQLInvalidAuthorizationSpecException: [Vertica][VJDBC](3846)
FATAL: LDAP authentication failed for user "my_username"
```

If I try connecting with an invalid username, I get a different error message:

```
SQLInvalidAuthorizationSpecException: [Vertica][VJDBC](3781)
FATAL: Invalid username or password
```

This confirms that I am reaching Vertica fine, but something is going wrong when I try to authenticate with my correct username.

I am able to connect to Vertica from the same host via vsql without issue.

I came across this post, which suggested that a Vertica setting may be the issue. However, we already have TLS_REQCERT allow set, as that post recommended.

What could be the issue here? Why would vsql work, but DBeaver not work from the same host?

(FYI: I originally asked this question on Stack Exchange.)

Comments

  • SruthiA Vertica Employee Administrator

    Hi,

    Can you check if the user exists in all LDAP directories? Can you share the output of

    ```
    select * from client_auth;
    ```

    Sruthi

  • Options

    Hey Sruthi,

     

    Here is the output from that query. I redacted some information that appeared to be sensitive. Let me know if you need it.

     

    => select * from client_auth;
    auth_oid | auth_name | is_auth_enabled | auth_host_type | auth_host_address | auth_method | auth_parameters | auth_priority
    -------------------+------------+-----------------+----------------+-------------------+-------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------
    54043195528839980 | tldap | True | HOST | 0.0.0.0/0 | LDAP | host=ldap://REDACTED.ADDRESS/dc=,dc=;cn=;,ou= | 0
    54043195531012096 | ldap | True | HOSTSSL | 0.0.0.0/0 | LDAP | host=ldap://REDACTED.ADDRESS, starttls=hard, basedn=dc=na,dc=RDCTS,dc=net, binddn=CN=redactedvertica,OU=3 Batch Service Accounts,OU=Batch Service Accounts,OU=MFG_Applications,DC=na,DC=RDCTS,DC=net, bind_password=REDACTED_PASSWORD, search_attribute=sAMAccountName, tls_reqcert=allow, tls_cadir=/etc/pki/tls/certs | 0
    54043195531012100 | ldap_local | True | LOCAL | | LDAP | host=ldap://REDACTED.ADDRESS, starttls=hard, basedn=dc=na,dc=RDCTS,dc=net, binddn=CN=redactedvertica,OU=3 Batch Service Accounts,OU=Batch Service Accounts,OU=MFG_Applications,DC=na,DC=RDCTS,DC=net, bind_password=REDACTED_PASSWORD, search_attribute=sAMAccountName, tls_reqcert=allow, tls_cadir=/etc/pki/tls/certs | 1
    (3 rows)

     

    Does this information shed any light on the problem?

     

    > Can you check if user exists in all LDAP directories?

     

    How would I do this?

     

    Nick

  • Would you like me to open a formal support ticket (if that's possible)? I'm ready to take any extra steps to get to a resolution.

  • SruthiA Vertica Employee Administrator

    Hi,

    Yes. I would suggest you open a formal support ticket. It would be much easier.

    Sruthi

  • Sruthi,

    I am working on getting our support account set up so I can open a formal support ticket.

    In the meantime, is there anything more you can suggest I do? Any revelations from the information I posted earlier?

  • SruthiA Vertica Employee Administrator

    Hi,

    Can you check if the user exists in Active LDAP Directory?

    Sruthi

  • Yes, the user exists. I checked by running the following command at the command prompt:

    ```
    ldapsearch -xLLL -H ldap://na.mmfg.net -D "my_user" -W -b "dc=na,dc=dc,dc=net" '(&(samAccountName=my_user))'
    ```
