PostgreSQL 9.0 authentication against LDAP/AD - Mailing list pgsql-admin

From Michael O'Donnell
Subject PostgreSQL 9.0 authentication against LDAP/AD
Date
Msg-id OFF8E621C8.2C94218A-ON87257A54.000957AF-87257A54.000BAABD@usgs.gov
Responses Re: PostgreSQL 9.0 authentication against LDAP/AD  (Stephen Frost <sfrost@snowman.net>)
List pgsql-admin

Hello,

I am trying to authenticate PostgreSQL 9.0 login roles against LDAP/Active Directory (AD). PostgreSQL 9.0 is installed on a Windows 2008 R2 64-bit machine. My pg_hba.conf setting looks like the following:

host        <db>        <user>        samenet        ldap        ldapserver=<server.domain.net.com> ldapprefix="DOMAIN\"

I am populating the <db>, <user>, <server.domain.net.com>, and DOMAIN with real values.

When I use the following psql command I get an error:
C:\Windows\System32>psql -d <db> -U <user> -W
Password for user <user>:
psql: FATAL:  password authentication failed for user "<user>"

I have added the <user> to the login role and the user exists in AD.

If I use psycopg2 (a Python module that is commonly used for PostgreSQL interaction), I can actually connect to the database using the settings specified in the pg_hba.conf file shown above. If I use a false username, the script fails. Therefore the script is behaving as I would expect, but I am confused about why psql is behaving differently.

Questions:
1. Does my pg_hba.conf setting seem correct?
2. If my pg_hba.conf setup is correct, why is psql failing (does not fail using a second user specified in db that authenticates with password)? I also tried specifying ldapport, but this was causing a failure in postgres reading the conf. I am able to use the same command on different databases and for different users and this works.
3. Is the transfer of the password automatically encrypted? I read in a blog that using LDAP does not encrypt and I need to use SSL. I tried using ldaptls=1 but this was causing a failure in postgres reading the conf.
4. There is some documentation I have found online on how to set this up, but most of the examples/blogs were not helping me to work through this.

Thank you for any help you can provide.
mike

- - - - - - - - - - - - - - - - - - - - - - - - - -
Michael O'Donnell
Phone: 970.226.9407
Fax: 970.226.9230
Email: odonnellm@usgs.gov

United States Geological Survey/BRD
Fort Collins Science Center
2150 Centre Ave., Bldg C
Fort Collins, CO 80526
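
Added example, not part of the original post: question 3 asks whether the password is encrypted in transit. The Python sketch below checks a pg_hba.conf ldap record for the two hops the password crosses (client to PostgreSQL, then PostgreSQL to the LDAP server); the function name and the sample records are constructed for illustration.

```python
import re

# pg_hba.conf token: bare word, "quoted string", or name="quoted value".
# Backslash is not an escape in this file, so ldapprefix="DOMAIN\" is one token.
TOKEN = re.compile(r'[^\s"]*"[^"]*"|[^\s"]+')

def audit_ldap_record(line):
    """Return findings about password exposure for one ldap record, else []."""
    tokens = []
    for tok in TOKEN.findall(line):
        if tok.startswith("#"):      # rest of the line is a comment
            break
        tokens.append(tok)
    if len(tokens) < 4:
        return []
    conn_type, rest = tokens[0], tokens[3:]
    # Options are name=value; the auth method is the field just before them.
    first_opt = next((i for i, t in enumerate(rest) if "=" in t), len(rest))
    if first_opt == 0 or rest[first_opt - 1] != "ldap":
        return []
    opts = {}
    for t in rest[first_opt:]:
        name, _, value = t.partition("=")
        opts[name] = value.strip('"')
    findings = []
    if conn_type in ("host", "hostnossl"):
        findings.append("client->PostgreSQL: record matches non-SSL connections; "
                        "ldap auth receives the password in cleartext, use hostssl")
    if opts.get("ldaptls") != "1":
        findings.append("PostgreSQL->LDAP: ldaptls=1 not set; "
                        "the bind to ldapserver is not TLS-protected")
    return findings

# Constructed sample records modelled on the line in the post (values are made up).
AS_POSTED = r'host    mydb alice samenet ldap ldapserver=dc1.example.net ldapprefix="EXAMPLE\"'
HARDENED = r'hostssl mydb alice samenet ldap ldapserver=dc1.example.net ldaptls=1 ldapprefix="EXAMPLE\"'

if __name__ == "__main__":
    for record in (AS_POSTED, HARDENED):
        print(record)
        for finding in audit_ldap_record(record) or ["no findings"]:
            print("   ", finding)
```

A hostssl record only matches once SSL is enabled on the PostgreSQL server, and ldaptls=1 requires the LDAP server to accept StartTLS.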

