On Fri, 2026-03-13 at 06:57 +0000, Subramanian,Ramachandran wrote:
> We have a USERID (VALID-USER) who exists in the LDAP Group G_APP_Postgres_Users.
>
> PS H:\> Get-ADUser -LDAPFilter "(&(objectClass=user)(sAMAccountName=VALID-USER)(memberOf=CN=G_APP_Postgres_Users,OU=Anwendungen,OU=Gruppen,OU=Identity,DC=my-Konzern,DC=de))"
>
> DistinguishedName : CN=VALID-USER,OU=Konten,OU=EWT,OU=PostgreSQL,OU=Ressourcen,DC=my-Konzern,DC=de
> Enabled : True
> GivenName : REWT-PostgreSQL
> Name : VALID-USER
> ObjectClass : user
> ObjectGUID : 5a45f8e9-f13b-4ff2-9815-ec85bd0aeb7c
> SamAccountName : VALID-USER
> SID : S-1-5-21-4249930229-1474557206-4077294858-125360
> Surname : Rochade-Konfig
> UserPrincipalName : VALID-USER@my-konzern.de
>
> However, when he tries to connect to postgres we see this error message.
>
> Postgres-Log
> LOG: LDAP user "VALID-USER" does not exist
> FATAL: LDAP authentication failed for user "VALID-USER"
>
> PG_HBA.CONF entry is shown below.
>
> pg_hba.conf
> host all all 0.0.0.0/0 ldap ldapserver=ldap.my-konzern.de ldapport=389
> ldapbinddn="CN=Postgres-LDAP,OU=Konten,OU=PROD,OU=PostgreSQL,OU=Ressourcen,DC=my-konzern,DC=de"
> ldapbindpasswd="dF3@3#s$P1"ldapbasedn="OU=Postgres,OU=Ressourcen,DC=my-konzern,DC=de" ldapscheme=ldap
> ldapsearchfilter="(&(objectClass=user)(sAMAccountName=%u)(memberOf=CN=G_APP_Postgres_Users,OU=Anwendungen,OU=Gruppen,OU=Identity,DC=my-konzern,DC=de))"
>
> What could be the source of this error?

I'd say that because PostgreSQL <> Postgres, you won't find user
"CN=VALID-USER,OU=Konten,OU=EWT,OU=PostgreSQL,OU=Ressourcen,DC=my-Konzern,DC=de"
under the base distinguished name "OU=Postgres,OU=Ressourcen,DC=my-konzern,DC=de".
Try with ldapbasedn="OU=PostgreSQL,OU=Ressourcen,DC=my-Konzern,DC=de".

> How to debug this problem step by step to see where exactly the chain is disconnected?

Copy and paste is your friend, it avoids typos.

Yours,
Laurenz Albe
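
A step-by-step check of the search described in this thread, as an added example that is not part of the original messages and not PostgreSQL code: it expands `%u` in the filter, tests whether the user's DN lies under `ldapbasedn`, and builds the matching OpenLDAP `ldapsearch` call to run by hand. The function names are hypothetical, and the DN comparison assumes case-insensitive matching, as Active Directory does.

```python
import shlex

# Values copied from the thread; the bind password is left out (ldapsearch -W prompts).
USER_DN = "CN=VALID-USER,OU=Konten,OU=EWT,OU=PostgreSQL,OU=Ressourcen,DC=my-Konzern,DC=de"
OLD_BASE = "OU=Postgres,OU=Ressourcen,DC=my-konzern,DC=de"
NEW_BASE = "OU=PostgreSQL,OU=Ressourcen,DC=my-Konzern,DC=de"
BIND_DN = "CN=Postgres-LDAP,OU=Konten,OU=PROD,OU=PostgreSQL,OU=Ressourcen,DC=my-konzern,DC=de"
FILTER = ("(&(objectClass=user)(sAMAccountName=%u)(memberOf=CN=G_APP_Postgres_Users,"
          "OU=Anwendungen,OU=Gruppen,OU=Identity,DC=my-konzern,DC=de))")

def split_rdns(dn):
    """Split a DN on unescaped commas; lower-case each RDN for comparison."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:                      # character after a backslash is literal
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    pairs = (p.partition("=") for p in parts)
    return [f"{a.strip().lower()}={v.strip().lower()}" for a, _, v in pairs]

def dn_under_base(entry_dn, base_dn):
    """True if entry_dn is inside the subtree rooted at base_dn."""
    entry, base = split_rdns(entry_dn), split_rdns(base_dn)
    return len(entry) >= len(base) and entry[-len(base):] == base

def effective_filter(search_filter, username):
    """Expand %u the way ldapsearchfilter is expanded for the connecting user."""
    return search_filter.replace("%u", username)

def ldapsearch_argv(server, port, bind_dn, base_dn, flt):
    """Equivalent manual search: simple bind, subtree scope, return only the DN."""
    return ["ldapsearch", "-x", "-H", f"ldap://{server}:{port}", "-D", bind_dn,
            "-W", "-b", base_dn, "-s", "sub", flt, "dn"]

if __name__ == "__main__":
    flt = effective_filter(FILTER, "VALID-USER")
    for base in (OLD_BASE, NEW_BASE):
        print(f"{base}: user DN under base = {dn_under_base(USER_DN, base)}")
        print(shlex.join(ldapsearch_argv("ldap.my-konzern.de", 389, BIND_DN, base, flt)))
```

If the hand-run search returns no entry for a base DN, PostgreSQL logs `LDAP user "..." does not exist` for that same configuration.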