BUG #9818: LDAP Authentication subtree problem - Mailing list pgsql-bugs

From jan.sarenik@generali.cz
Subject BUG #9818: LDAP Authentication subtree problem
Date
Msg-id 20140401141907.363.53665@wrigleys.postgresql.org
Responses Re: BUG #9818: LDAP Authentication subtree problem  (Magnus Hagander <magnus@hagander.net>)
List pgsql-bugs
The following bug has been logged on the website:

Bug reference:      9818
Logged by:          Ján Sáreník
Email address:      jan.sarenik@generali.cz
PostgreSQL version: Unsupported/Unknown
Operating system:   CentOS 6.5
Description:

Hello!

The following line is my only record in pg_hba.conf:
local    all             all              ldap
ldapurl="ldap://aa00aaa001.aaaa.corp.local/DC=aaaa,DC=corp,DC=local?sAMAccountName?sub"
ldapbinddn="CN=svcLDAPDWH,OU=Services,OU=UsersAdm,DC=aaaa,DC=corp,DC=local"
ldapbindpasswd="XXXXXX"

LDAP server is Microsoft Active Directory.
I am testing on 554bb3beba27bf4a49edecc40f6c0f249974bc7c (today's git tree)
Version of OpenLDAP does not influence it (I have linked it with current
release, no change).
All I want in the end is to log into postgres as both of the following users:

CN=A000001,OU=UsersW7,DC=gpcz,DC=corp,DC=local
CN=A000002,OU=UsersStd,DC=gpcz,DC=corp,DC=local

Instead all I am getting is:
LOG:  could not search LDAP for filter "(CN=A000001)" on server
"aa00aaa001.aaaa.corp.local": Operations error
LOG:  could not search LDAP for filter "(CN=A000002)" on server
"aa00aaa001.aaaa.corp.local": Operations error

If I specify ldapurl to contain OU=UsersW7, I can log in as A000001
but not A000002 (and vice versa).

The only workaround I have been able to come up with so far is the following, based
on the idea that the LDAP_OPERATIONS_ERROR produced by the MS AD server
is misleading. See the end of
http://msdn.microsoft.com/en-us/library/dd303696.aspx

Thanks,
Ján

diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 31ade0b..75255dd 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -2007,7 +2007,7 @@ CheckLDAPAuth(Port *port)
                          0,
                          &search_message);

-       if (r != LDAP_SUCCESS)
+       if (r != LDAP_SUCCESS && r != LDAP_OPERATIONS_ERROR)
        {
            ereport(LOG,
                    (errmsg("could not search LDAP for filter \"%s\" on
server \"%s\": %s",
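Review bot: adding `r != LDAP_OPERATIONS_ERROR` to the condition makes any server-side operations error indistinguishable from a successful search: the LOG line naming the filter and server is never emitted for that case, and execution continues as though search_message holds a valid result. If the root cause is the Active Directory behaviour the linked MSDN article describes, the change belongs in how the search is issued (the base and scope used, or the client's handling of the server's response) rather than in masking the return code; at minimum, keep a diagnostic for the ignored error, for example an `ereport(DEBUG1, ...)` with the same message, before falling through.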

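As an added illustration, not code from this bug report or from PostgreSQL's auth.c: a small Python parser for the RFC 4516 ldapurl form used in the pg_hba.conf line above (host/basedn?attribute?scope), together with the search filter a search-then-bind client would send for a given user name. The host name and base DN are the anonymised values from the report; the fallback attribute `uid` (PostgreSQL's ldapsearchattribute default) and fallback scope `base` (the RFC 4516 default) are assumptions of this example, and the user-name escaping follows RFC 4515 so that a name containing filter metacharacters cannot alter the query.

```python
"""Parse a pg_hba.conf-style ldapurl and build the search filter for a user.

Added example, not PostgreSQL's own code. The sample URL reuses the
anonymised host and base DN from the bug report above.
"""
from urllib.parse import urlsplit, unquote

# Constructed sample, copied from the report's pg_hba.conf line.
EXAMPLE_URL = (
    "ldap://aa00aaa001.aaaa.corp.local/DC=aaaa,DC=corp,DC=local?sAMAccountName?sub"
)

VALID_SCOPES = {"base", "one", "sub"}


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515).

    Without this, a user name such as "*" or "x)(objectClass=*" would change
    the meaning of the filter instead of matching a literal account name.
    """
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def parse_ldapurl(url: str) -> dict:
    """Split an RFC 4516 LDAP URL into the parts a search+bind client needs.

    Form: scheme://host[:port]/basedn?attribute?scope
    Defaults (assumed in this example): attribute "uid", scope "base".
    """
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("unsupported scheme: %r" % parts.scheme)
    if not parts.hostname:
        raise ValueError("ldapurl has no host")
    # urlsplit stops the query at '#', so "attr?scope" survives intact here.
    fields = parts.query.split("?") if parts.query else []
    attribute = fields[0] if len(fields) > 0 and fields[0] else "uid"
    scope = fields[1] if len(fields) > 1 and fields[1] else "base"
    if scope not in VALID_SCOPES:
        raise ValueError("invalid scope: %r" % scope)
    return {
        "scheme": parts.scheme,
        "host": parts.hostname,
        "port": parts.port or (636 if parts.scheme == "ldaps" else 389),
        "basedn": unquote(parts.path.lstrip("/")),
        "attribute": attribute,
        "scope": scope,
    }


def build_search_filter(url: str, user_name: str) -> str:
    """Filter a search+bind client would send: (attribute=<escaped user>)."""
    spec = parse_ldapurl(url)
    return "(%s=%s)" % (spec["attribute"], escape_filter_value(user_name))


if __name__ == "__main__":
    print(parse_ldapurl(EXAMPLE_URL))
    print(build_search_filter(EXAMPLE_URL, "A000001"))
```

The parsed `scope` is the part worth checking when a search fails the way the report describes: `sub` from the domain root walks the whole directory, whereas a narrower base (as in the reporter's OU=UsersW7 experiment) changes what the server has to answer for.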