LDAP Authentication Question
I created the LDAP authentication and it works fine, but once the LDAP authentication is enabled I am not able to connect to dbadmin from my system (but it works locally). Why is it so, and how do I enable it?
CREATE AUTHENTICATION LDAP1 METHOD 'ldap' HOST '0.0.0.0/0';
ALTER AUTHENTICATION LDAP1 SET
host='ldaps://xxxxxxxx1.dev.mapshc.com',
basedn='CN=Users,DC=dev,DC=mapshc,DC=com',
binddn='dev\sathyas',
search_attribute='sAMAccountName', bind_password='Password2020' ;
--tls_cacert='/etc/ssl/certs/DevldapPublic.cer', tls_reqcert='allow' ;
ALTER AUTHENTICATION LDAP1 enable;
ALTER DATABASE medicaid SET PARAMETER
LDAPLinkDryRun=0,
LDAPLinkURL='ldap://mapsdevdmc01.dev.mapshc.com',
LDAPLinkSearchBase='CN=Users,DC=dev,DC=mapshc,DC=com',
LDAPLinkBindDN='CN=Sathya S,CN=Users,DC=dev,DC=mapshc,DC=com',
LDAPLinkBindPswd='Password2020',
LDAPLinkFilterGroup='(&(objectClass=group)(cn=Verticadba))',
LDAPLinkFilterUser='(&(objectClass=user)(cn=*)(memberof=CN=VerticaDBA,CN=Users,DC=dev,DC=mapshc,DC=com))',
LDAPLinkGroupName='sAMAccountName',
LDAPLinkGroupMembers='member',
LDAPLinkUserName='sAMAccountName',
LDAPLinkOn=1;
SELECT LDAP_LINK_SYNC_START();
GRANT LDAP1 to VerticaDBA;
Verticadba is the group under which the LDAP users exist.
Answers
What is the vsql command you are giving to connect?
Are you able to authenticate VerticaDBA with ldapsearch utility?
Yes, ldapsearch and bind work fine.
My requirement is LDAP for users, but with dbadmin I should be able to connect from other machines and also locally.
Locally with the box (when DB exists it connects), but from remote using DBvis it gives an authentication error.
When you created the LDAP authentication, CREATE AUTHENTICATION LDAP1 METHOD 'ldap' HOST '0.0.0.0/0'; that authentication takes priority over the "implicit" default HASH HOST authentication.
The solution is to create explicit HASH authentication defaults.
For instance, CREATE AUTHENTICATION default_network METHOD 'hash' HOST '0.0.0.0/0'; and then GRANT AUTHENTICATION default_network to dbadmin;
See the "Before you Begin" section in https://vertica.com/kb/LDAP-Authentication-Best-Practices/Content/BestPractices/LDAP-Authentication-Best-Practices.htm
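A sketch of the fix described in this reply, added here as an example and not part of the original post: it scopes the explicit hash record to an admin subnet instead of all addresses, then lists the authentication records to confirm what is enabled and for which hosts. The subnet 10.20.0.0/16 is a constructed placeholder; the record and user names are the ones used in the thread.

```sql
-- Added example, not from the thread. 10.20.0.0/16 is a constructed placeholder
-- for the network dbadmin connects from; the reply above uses 0.0.0.0/0.

-- Explicit password (hash) record for remote dbadmin logins.
CREATE AUTHENTICATION default_network METHOD 'hash' HOST '10.20.0.0/16';
GRANT AUTHENTICATION default_network TO dbadmin;

-- Confirm which records exist, whether they are enabled, and which hosts they cover.
SELECT auth_name, is_auth_enabled, auth_host_address, auth_method, auth_priority
FROM v_catalog.client_auth
ORDER BY auth_priority DESC, auth_name;
```

A wide HOST range on a hash record granted to dbadmin allows superuser password logins from every address in that range, so keep it as narrow as the admin clients allow.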
Hello @SergeB
Recently I have tested one LDAP user in production. Since then I am also facing similar issues for non-LDAP users from dbvis,
but in my case sometimes the connection happens from dbvis and sometimes it just shows connecting for non-LDAP users for an hour
and nothing happens from dbvis.
I have dropped all the authentication methods, i.e. default_network and LDAP1, and even restarted the cluster, but I am still facing similar issues since then.
@SK21 Can you open a support ticket?