[pgpool-general: 7562] Re: Unable to setup LDAP client authentication using Pgpool-II

Bo Peng pengbo at sraoss.co.jp
Mon May 10 10:47:06 JST 2021 

Hi,

On Sat, 8 May 2021 23:02:28 -0500
Vipin Madhusoodanan <vipin.madhusoodanan at gmail.com> wrote:

> LDAP authentication issue got fixed. I had  issues with the backend
> databases and due to load balance, connections were routed standby nodes.
> Primary database has been attached back to pgpool and corrected standby
> database hba_conf file.

Thank you for your feedback.

> It would be great if someone can share pgpool configurations and case
> studies which can be implemented in Prod environment.

We will consider adding configuration examples or blogs.

Best regards,

> On Fri, May 7, 2021, 4:46 PM Vipin Madhusoodanan <
> vipin.madhusoodanan at gmail.com> wrote:
> 
> > Hi Team,
> >
> > I am not able to authenticate via LDAP client authentication. LDAP
> > authentication is working fine with out pgpool , following are
> > the pgpool.conf client authentication and pool_hba.conf configuration
> > details. I have compiled the pgpool source code using Open-LDAP. I am
> > receiving the following error while connecting to database via pgpool.
> >
> >
> > psql -h *****: -p **** -U ***** postgres
> > Password for user *****:
> > psql: ERROR: failed to authenticate with backend using md5
> > DETAIL: valid password not found
> >
> > *Platform* : Linux
> >
> > *OS*: RHEL 8.3
> >
> > *Pgpool-II version* : 4.2.2
> >
> > *pool_hba.conf entry*
> >
> > host
> > all all *.*.*.*/* ldap ldapserver==**** ldapport=**** ldapbasedn="dc==****,dc==****,dc
> >
> > ==****" ldapbinddn="cn==****,ou=Service Accounts,ou=Resource Accounts,dc==****,dc==****,dc==****" ldapbindpasswd="=****" ldapsearchattrib
> > ute="sAMAccountName"
> >
> > *pgpool.conf - Authentication section*
> >
> > # - Authentication -
> >
> > enable_pool_hba = on
> >                                    # Use pool_hba.conf for client
> > authentication
> > pool_passwd = ''
> >                                    # File name of pool_passwd for md5
> > authentication.
> >                                    # "" disables pool_passwd.
> >                                    # (change requires restart)
> > authentication_timeout = 1min
> >                                    # Delay in seconds to complete client
> > authentication
> >                                    # 0 means no timeout.
> >
> > allow_clear_text_frontend_auth = on
> >                                    # Allow Pgpool-II to use clear text
> > password authentication
> >                                    # with clients, when pool_passwd does
> > not
> >                                    # contain the user password
> >
> >
> >
> > Thank you,
> >
> > Vipin
> >
> >


-- 
Bo Peng <pengbo at sraoss.co.jp>
SRA OSS, Inc. Japan

More information about the pgpool-general mailing list