[pgpool-general: 6781] Ldap auth via pgpool

Jaime Casanova jaime.casanova at 2ndquadrant.com
Sat Nov 16 00:47:12 JST 2019


Hi,

I'm having problems trying to configure the pamldap module to use it
with pgpool. I'm keep getting this message:

"""
nslcd: [8b4567] <authc="pgadminuser"> no available LDAP server found,
sleeping 1 seconds
nslcd: [8b4567] <authc="pgadminuser"> DEBUG:
ldap_initialize(ldaps://192.168.39.144:636/)
nslcd: [8b4567] <authc="pgadminuser"> DEBUG: ldap_set_rebind_proc()
nslcd: [8b4567] <authc="pgadminuser"> DEBUG:
ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [8b4567] <authc="pgadminuser"> DEBUG: ldap_set_option(LDAP_OPT_DEREF
,0)
nslcd: [8b4567] <authc="pgadminuser"> DEBUG:
ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [8b4567] <authc="pgadminuser"> DEBUG: ldap_set_option(LDAP_OPT_TIMEO
UT,0)
nslcd: [8b4567] <authc="pgadminuser"> DEBUG:
ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [8b4567] <authc="pgadminuser"> DEBUG:
ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [8b4567] <authc="pgadminuser"> DEBUG:
ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [8b4567] <authc="pgadminuser"> DEBUG:
ldap_set_option(LDAP_OPT_X_TLS,LDAP_OPT_X_TLS_HARD)
nslcd: [8b4567] <authc="pgadminuser"> DEBUG:
ldap_simple_bind_s(NULL,NULL) (uri="ldaps://192.168.39.144:636/")
nslcd: [8b4567] <authc="pgadminuser"> failed to bind to LDAP server
ldaps://192.168.39.144:636/: Can't contact LDAP server:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate
verify failed (self signed certificate in ...
nslcd: [8b4567] <authc="pgadminuser"> DEBUG: ldap_unbind()
nslcd: [8b4567] <authc="pgadminuser"> no available LDAP server found:
Can't contact LDAP server
nslcd: [8b4567] <authc="pgadminuser"> DEBUG: "pgadminuser": user not
found: Can't contact LDAP server
"""

but i can authenticate using ldap directly from postgres.

so my question is: can i surpass pgpool and authenticate directly in
postgres?
everytime i try that pgpool ask for the user to be in pool_hba but the
password is stored in ldap and can change at any time.

suggestions?

--
Jaime Casanova
2ndQuadrant
Su diligente equipo de expertos en PostgreSQL
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.sraoss.jp/pipermail/pgpool-general/attachments/20191115/a061f466/attachment.html>


More information about the pgpool-general mailing list