LDAP Authentication Question

SathyaSathya Vertica Customer
in General Discussion

I created the LDAP authentication and it works fine but once the LDAP authentication is enabled I am not able to connect to dbadmin from my system (but it works locally) ,why is it so and how to enable it ?

CREATE AUTHENTICATION LDAP1 METHOD 'ldap' HOST '0.0.0.0/0';

ALTER AUTHENTICATION LDAP1 SET
host='ldaps://xxxxxxxx1.dev.mapshc.com',
basedn='CN=Users,DC=dev,DC=mapshc,DC=com',
binddn='dev\sathyas',
search_attribute='sAMAccountName', bind_password='Password2020' ;
--tls_cacert='/etc/ssl/certs/DevldapPublic.cer', tls_reqcert='allow' ;

ALTER AUTHENTICATION LDAP1 enable;

ALTER DATABASE medicaid SET PARAMETER
LDAPLinkDryRun=0,
LDAPLinkURL='ldap://mapsdevdmc01.dev.mapshc.com',
LDAPLinkSearchBase='CN=Users,DC=dev,DC=mapshc,DC=com',
LDAPLinkBindDN='CN=Sathya S,CN=Users,DC=dev,DC=mapshc,DC=com',
LDAPLinkBindPswd='Password2020',
LDAPLinkFilterGroup='(&(objectClass=group)(cn=Verticadba))',
LDAPLinkFilterUser='(&(objectClass=user)(cn=*)(memberof=CN=VerticaDBA,CN=Users,DC=dev,DC=mapshc,DC=com))',
LDAPLinkGroupName='sAMAccountName',
LDAPLinkGroupMembers='member',
LDAPLinkUserName='sAMAccountName',
LDAPLinkOn=1;
SELECT LDAP_LINK_SYNC_START();

GRANT LDAP1 to VerticaDBA;

Verticadba is the group under which the LDAP users exist

Answers

  • SK21SK21 Vertica Customer

    What is the vsql command you are giving to connect?
    Are you able to authenticate VerticaDBA with ldapsearch utility?

  • SathyaSathya Vertica Customer

    Yes..ldapsearch & bind works fine.

    My requirement is LDAP for users but with dbadmin I should be able to connect from other machines and also locally.
    Locally with the box(when DB exists it connects) but from remote using DBvis it gives authentication error

  • SergeBSergeB - Select Field - Employee

    When you created the LDAP authentication, CREATE AUTHENTICATION LDAP1 METHOD 'ldap' HOST '0.0.0.0/0'; that authentication takes priority over the "implicit" default HASH HOST authentication.

    Solution is to create explicit HASH authentication defaults.

    For instance, CREATE AUTHENTICATION default_network METHOD 'hash' HOST '0.0.0.0/0'; and then GRANT AUTHENTICATION default_network to dbadmin;

    see "Before you Begin" section in https://vertica.com/kb/LDAP-Authentication-Best-Practices/Content/BestPractices/LDAP-Authentication-Best-Practices.htm

  • SK21SK21 Vertica Customer

    Hello @SergeB

    Recently i have tested one LDAP user in production....since them I am also facing similar type of issues for non ldap users from dbvis
    but in my case sometimes connection is happening from dbvis and sometimes it is just showing connecting for non ldap users for hour
    and nothing happening from dbvis.

    I have dropped all the authentication methods and ie default_network and LDAP1 and even restarted the cluster but still facing similar issues since then

  • SergeBSergeB - Select Field - Employee

    @SK21 Can you open a support ticket ?

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Format
SpoilerCodeQuote
Heading 2Heading 1
Emoji
:):D:(;):/:o:s:p:'(:|B):#:*<3o:)>:)
Url
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file
Home General DiscussionComment As ...