[pgpool-general: 7561] Re: Unable to setup LDAP client authentication using Pgpool-II

Vipin Madhusoodanan vipin.madhusoodanan at gmail.com
Sun May 9 13:02:28 JST 2021 

LDAP authentication issue got fixed. I had  issues with the backend
databases and due to load balance, connections were routed standby nodes.
Primary database has been attached back to pgpool and corrected standby
database hba_conf file.

It would be great if someone can share pgpool configurations and case
studies which can be implemented in Prod environment.

Thank you,
Vipin

On Fri, May 7, 2021, 4:46 PM Vipin Madhusoodanan <
vipin.madhusoodanan at gmail.com> wrote:

> Hi Team,
>
> I am not able to authenticate via LDAP client authentication. LDAP
> authentication is working fine with out pgpool , following are
> the pgpool.conf client authentication and pool_hba.conf configuration
> details. I have compiled the pgpool source code using Open-LDAP. I am
> receiving the following error while connecting to database via pgpool.
>
>
> psql -h *****: -p **** -U ***** postgres
> Password for user *****:
> psql: ERROR: failed to authenticate with backend using md5
> DETAIL: valid password not found
>
> *Platform* : Linux
>
> *OS*: RHEL 8.3
>
> *Pgpool-II version* : 4.2.2
>
> *pool_hba.conf entry*
>
> host
> all all *.*.*.*/* ldap ldapserver==**** ldapport=**** ldapbasedn="dc==****,dc==****,dc
>
> ==****" ldapbinddn="cn==****,ou=Service Accounts,ou=Resource Accounts,dc==****,dc==****,dc==****" ldapbindpasswd="=****" ldapsearchattrib
> ute="sAMAccountName"
>
> *pgpool.conf - Authentication section*
>
> # - Authentication -
>
> enable_pool_hba = on
>                                    # Use pool_hba.conf for client
> authentication
> pool_passwd = ''
>                                    # File name of pool_passwd for md5
> authentication.
>                                    # "" disables pool_passwd.
>                                    # (change requires restart)
> authentication_timeout = 1min
>                                    # Delay in seconds to complete client
> authentication
>                                    # 0 means no timeout.
>
> allow_clear_text_frontend_auth = on
>                                    # Allow Pgpool-II to use clear text
> password authentication
>                                    # with clients, when pool_passwd does
> not
>                                    # contain the user password
>
>
>
> Thank you,
>
> Vipin
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pgpool.net/pipermail/pgpool-general/attachments/20210508/156baf4d/attachment.htm>

More information about the pgpool-general mailing list