LDAP Integration
I have some trouble getting AD user onboarding into Vertica working.
LDAP search works fine:
ldapsearch -xLLL -H ldap://ldaphostip:389 -D "username@abc.bca.corp.com" -W -b "DC=abc,DC=bca,DC=corp,DC=com" '(&(samAccountName=username))'
I do see proper bind info
dbadmin=> SELECT * FROM client_auth_params;
45035996277634976 | v_ldap_bind | host | ldap://10.0.1.84/
45035996277634976 | v_ldap_bind | basedn | DC=abc,DC=bca,DC=corp,DC=com
45035996277634976 | v_ldap_bind | binddn_prefix | cn=username
45035996277634976 | v_ldap_bind | binddn_suffix | ,OU=C360ProdEnv,DC=abc,DC=bca,DC=corp,DC=com
vsql: FATAL 2248: Authentication failed for username "username"
*username is just to hide identity.
Any thoughts? Why doesn't it work?
Comments
Can you post the results of the following queries?
[1]
SELECT * FROM client_auth;
auth_oid | auth_name | is_auth_enabled | auth_host_type | auth_host_address | auth_method | auth_parameters | auth_priority
-------------------+------------------------+-----------------+----------------+-------------------+-------------+--------------------------------------------------------------------------------------------------------------------------------------------------+---------------
45035996276037072 | ldap_auth | True | HOST | 0.0.0.0/0 | LDAP | | 0
45035996276037526 | h1 | True | LOCAL | | HASH | | 0
45035996276037658 | vertica_ad | True | HOST | 0.0.0.0/0 | LDAP | host=ldap://ipaddress/, basedn=DC=abc,DC=bca,DC=corp,DC=com, binddn_prefix=cn=, binddn_suffix=,ou=ProdEnv,dc=abc,dc=bca,dc=corp,dc=com | 0
45035996276364356 | v_dbadmin_hash_network | True | HOST | 0.0.0.0/0 | HASH | | 0
45035996277637640 | v_ldap_bind | True | HOST | ipaddress | LDAP | host=ldap://ipaddress/, basedn=DC=abc,DC=bca,DC=corp,DC=com, binddn_prefix=cn=, binddn_suffix=,OU=ProdEnv,DC=abc,DC=bca,DC=corp,DC=com | 0
(5 rows)
[2]
SELECT object_name, grantee FROM grants WHERE object_type = 'CLIENTAUTHENTICATION';
object_name | grantee
------------------------+-----------------
h1 | role2
vertica_ad | vertica_ad_role
vertica_ad | ldap_auth_role
vertica_ad | vertica
v_dbadmin_hash_network | dbadmin
ldap_auth | ldap_auth_role
vertica_ad | myname
v_ldap_bind | myname
v_ldap_bind | public
[3]
dbadmin=> SELECT user_name, ldap_dn FROM users WHERE user_name = 'myname';
user_name | ldap_dn
--------------+---------
myname|
Any thoughts?
Jim, any other insights?
For the authentication record "v_ldap_bind" you have:
binddn_suffix=,OU=ProdEnv,DC=abc,DC=bca,DC=corp,DC=com
Is the "ProdEnv" needed? It wasn't used in your original ldap search.
45035996277637640 | v_ldap_bind | binddn_suffix | DC=aws,DC=sea,DC=samsung,DC=com
I modified the auth, still the same error:
vsql: FATAL 2248: Authentication failed for username "a2.bhatnagar"
Any other thoughts?
Folks, I'm stuck and not able to proceed.
Any other pointers?
Hi @ankit0007smart ,
Can you email me directly the exact output (no data hiding) of the following?
Result of your LDAP search (using the specific user):
ldapsearch -xLLL -H ldap://ldaphostip:389 -D "username@abc.bca.corp.com" -W -b "DC=abc,DC=bca,DC=corp,DC=com" '(&(samAccountName=username))'
Results of queries in Vertica:
SELECT * FROM client_auth;
SELECT * FROM client_auth_params;
SELECT * FROM user_client_auth;
SELECT object_name, grantee FROM grants WHERE object_type = 'CLIENTAUTHENTICATION';
Email: james.knicely@microfocus.com
Thanks James, this works after enabling anonymous access on AD.
AWESOME!
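An added illustration of the bind-DN question raised in the thread (not code from any poster or from Vertica): with LDAP bind, the server builds the bind DN as binddn_prefix + login name + binddn_suffix, so the sketch below composes that string, checks it is well formed, and compares it with the DN the directory holds for the user. The function names, the login `jdoe` and the directory entry `CN=Jane Doe,...` are constructed for the example; the base DN and OU are the redacted ones from the thread.

```python
import re

def compose_bind_dn(prefix, username, suffix):
    # The three strings are concatenated as-is; no comma is inserted for you.
    return f"{prefix}{username}{suffix}"

def split_rdns(dn):
    # Split on commas that are not backslash-escaped (RFC 4514 escaping).
    return [part.strip() for part in re.split(r"(?<!\\),", dn)]

def normalize(dn):
    # Attribute names and cn/ou/dc values compare case-insensitively.
    pairs = []
    for rdn in split_rdns(dn):
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return pairs

def check_bind_dn(prefix, username, suffix, directory_dn):
    """Return (composed_dn, problems) for one auth record and one login name."""
    dn = compose_bind_dn(prefix, username, suffix)
    problems = []
    for rdn in split_rdns(dn):
        attr, eq, value = rdn.partition("=")
        if not eq or not attr.strip() or not value.strip():
            problems.append(f"malformed RDN {rdn!r}")
        elif re.search(r"(?<!\\)=", value):
            # Heuristic: a bare '=' inside a value usually means two RDNs
            # were glued together because the suffix lacks its leading comma.
            problems.append(f"missing comma inside {rdn!r}")
    if not problems and normalize(dn) != normalize(directory_dn):
        problems.append(f"composed DN {dn!r} differs from directory DN {directory_dn!r}")
    return dn, problems

# Constructed sample: the 'dn:' line an ldapsearch for the user would return.
DIRECTORY_DN = "CN=Jane Doe,OU=C360ProdEnv,DC=abc,DC=bca,DC=corp,DC=com"
BASE = "DC=abc,DC=bca,DC=corp,DC=com"
SUFFIX_WITH_OU = ",OU=C360ProdEnv," + BASE

if __name__ == "__main__":
    for user, suffix in [("jdoe", BASE), ("jdoe", SUFFIX_WITH_OU), ("Jane Doe", SUFFIX_WITH_OU)]:
        dn, problems = check_bind_dn("cn=", user, suffix, DIRECTORY_DN)
        print(dn, "->", problems or "matches directory DN")
```

The comparison needs the `dn:` value from your own ldapsearch output; a composed DN that is well formed but names a different CN or OU than that entry will be rejected by the directory just like a malformed one.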