
LDAP Integration

I have some trouble getting the AD user onboarding into Vertica.

LDAP SEARCH works fine
ldapsearch -xLLL -H ldap://ldaphostip:389 -D "username@abc.bca.corp.com" -W -b "DC=abc,DC=bca,DC=corp,DC=com" '(&(samAccountName=username))'

I do see proper bind info
dbadmin=> SELECT * FROM client_auth_params;

45035996277634976 | v_ldap_bind | host | ldap://10.0.1.84/
45035996277634976 | v_ldap_bind | basedn | DC=abc,DC=bca,DC=corp,DC=com
45035996277634976 | v_ldap_bind | binddn_prefix | cn=username
45035996277634976 | v_ldap_bind | binddn_suffix | ,OU=C360ProdEnv,DC=abc,DC=bca,DC=corp,DC=com

vsql: FATAL 2248: Authentication failed for username "username"

*username is just to hide identity.

Any thoughts? Why doesn't it work?

Comments

  • Jim_Knicely - Select Field - Administrator

    Can you post the results of the following queries?

    SELECT * FROM client_auth;
    SELECT object_name, grantee FROM grants WHERE object_type = 'CLIENTAUTHENTICATION';
    SELECT user_name, ldap_dn FROM users WHERE user_name = 'YOUR USERNAME';
    
  • edited February 2018

    [1]

    SELECT * FROM client_auth;
    auth_oid | auth_name | is_auth_enabled | auth_host_type | auth_host_address | auth_method | auth_parameters | auth_priority
    -------------------+------------------------+-----------------+----------------+-------------------+-------------+--------------------------------------------------------------------------------------------------------------------------------------------------+---------------
    45035996276037072 | ldap_auth | True | HOST | 0.0.0.0/0 | LDAP | | 0
    45035996276037526 | h1 | True | LOCAL | | HASH | | 0
    45035996276037658 | vertica_ad | True | HOST | 0.0.0.0/0 | LDAP | host=ldap://ipaddress/, basedn=DC=abc,DC=bca,DC=corp,DC=com, binddn_prefix=cn=, binddn_suffix=,ou=ProdEnv,dc=abc,dc=bca,dc=corp,dc=com | 0
    45035996276364356 | v_dbadmin_hash_network | True | HOST | 0.0.0.0/0 | HASH | | 0
    45035996277637640 | v_ldap_bind | True | HOST | ipaddress | LDAP | host=ldap://ipaddress/, basedn=DC=abc,DC=bca,DC=corp,DC=com, binddn_prefix=cn=, binddn_suffix=,OU=ProdEnv,DC=abc,DC=bca,DC=corp,DC=com | 0
    (5 rows)

    [2]
    SELECT object_name, grantee FROM grants WHERE object_type = 'CLIENTAUTHENTICATION';
    object_name | grantee
    ------------------------+-----------------
    h1 | role2
    vertica_ad | vertica_ad_role
    vertica_ad | ldap_auth_role
    vertica_ad | vertica
    v_dbadmin_hash_network | dbadmin
    ldap_auth | ldap_auth_role
    vertica_ad | myname
    v_ldap_bind | myname
    v_ldap_bind | public

    [3]
    dbadmin=> SELECT user_name, ldap_dn FROM users WHERE user_name = 'myname';
    user_name | ldap_dn
    --------------+---------
    myname|

  • Any thoughts?

  • Jim, any other insights?

  • Jim_Knicely - Select Field - Administrator

    For the authentication record "v_ldap_bind" you have:

    binddn_suffix=,OU=ProdEnv,DC=abc,DC=bca,DC=corp,DC=com

    Is the "ProdEnv" needed? It wasn't used in your original ldap search.

  • 45035996277637640 | v_ldap_bind | binddn_suffix | DC=aws,DC=sea,DC=samsung,DC=com

    I modified the auth, still the same error.

    vsql: FATAL 2248: Authentication failed for username "a2.bhatnagar"

  • Any other thoughts?

  • Folks - I'm stuck and not able to proceed.
    Any other pointers?

  • Jim_Knicely - Select Field - Administrator
    edited February 2018

    Hi @ankit0007smart ,

    Can you email me directly the exact output (no data hiding) of the following?

    Result of your LDAP search (using the specific user):
    ldapsearch -xLLL -H ldap://ldaphostip:389 -D "username@abc.bca.corp.com" -W -b "DC=abc,DC=bca,DC=corp,DC=com" '(&(samAccountName=username))'

    Results of queries in Vertica:

    SELECT * FROM client_auth;
    SELECT * FROM client_auth_params;
    SELECT * FROM user_client_auth;
    SELECT object_name, grantee FROM grants WHERE object_type = 'CLIENTAUTHENTICATION';

    Email: james.knicely@microfocus.com

  • Thanks James, this works after enabling the anonymous access on AD.

  • Jim_Knicely - Select Field - Administrator

    AWESOME!
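
A way to sanity-check the binddn_prefix / binddn_suffix values discussed in the comments above before retrying a login, as an added example (not code from the thread or from Vertica). It assumes the bind string is binddn_prefix + login name + binddn_suffix concatenated with no separator added; the user `jdoe`, the helper names and the sample suffixes are constructed, and the second-`=` check is a heuristic for a missing comma, not a DN syntax rule.

```python
import re

def split_rdns(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    return [part.strip() for part in re.split(r"(?<!\\),", dn)]

def check_bind_dn(prefix, user, suffix, basedn):
    """Compose the bind DN and return (dn, list of problems found)."""
    # Assumption: bind string = prefix + login name + suffix, nothing inserted.
    dn = f"{prefix}{user}{suffix}"
    problems = []
    if suffix and not suffix.startswith(","):
        problems.append("binddn_suffix has no leading comma")
    rdns = split_rdns(dn)
    for rdn in rdns:
        # Heuristic: a second '=' usually means two RDNs were glued together.
        if rdn.count("=") != 1:
            problems.append(f"suspicious RDN: {rdn}")
    base = [r.lower() for r in split_rdns(basedn)]
    # Attribute names and DC values compare case-insensitively in practice.
    if [r.lower() for r in rdns[-len(base):]] != base:
        problems.append("bind DN is not under basedn")
    return dn, problems

# Constructed sample values modelled on the placeholders used in the thread.
BASEDN = "DC=abc,DC=bca,DC=corp,DC=com"
SAMPLES = {
    "with_ou": ("cn=", "jdoe", ",OU=ProdEnv,DC=abc,DC=bca,DC=corp,DC=com"),
    "no_comma": ("cn=", "jdoe", "DC=abc,DC=bca,DC=corp,DC=com"),
    "other_tree": ("cn=", "jdoe", ",OU=ProdEnv,DC=example,DC=com"),
}

if __name__ == "__main__":
    for name, (prefix, user, suffix) in SAMPLES.items():
        dn, problems = check_bind_dn(prefix, user, suffix, BASEDN)
        print(f"{name}: {dn}")
        for problem in problems or ["ok"]:
            print(f"    {problem}")
```

These checks are syntactic only: a well-formed DN still has to match the entry's actual DN, which is the `dn:` line ldapsearch returns for the user.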
