I've been trying to set up LDAP for the Bitnami PostgreSQL container, but I'm still getting an error, although the AD-based LDAP server is fine. I also set up the same feature for MongoDB a few weeks ago and it works perfectly there, but let's get to the point.
My Dockerfile looks like this:
FROM docker.io/bitnami/postgresql:15.5.0
ENV POSTGRES_PASSWORD="admin"
ENV POSTGRES_ENABLE_LDAP="yes"
ENV POSTGRES_LDAP_SERVER="ldap://subdomain.domain.tld"
ENV POSTGRES_LDAP_PORT="389"
ENV POSTGRES_LDAP_BASE_DN="OU=ou2,OU=ou1,DC=subdomain,DC=domain,DC=tld"
ENV POSTGRES_LDAP_BIND_DN="CN=ldap.user,OU=ou3,OU=ou1,DC=subdomain,DC=domain,DC=tld"
ENV POSTGRES_LDAP_BIND_PASSWORD="mypwd"
ENV POSTGRES_LDAP_SEARCH_ATTR="sAMAccountName"
USER root
RUN apt-get update && apt-get upgrade -y
RUN apt-get install -y ldap-utils
USER 1001
I'm running the Docker container with this command:
docker run --rm -p5432:5432 --name postgresql -d postgresql:0.2
As I've defined my env variables in the Dockerfile, the /opt/bitnami/postgresql/conf/pg_hba.conf file looks just fine:
host all postgres 0.0.0.0/0 md5
host all postgres ::/0 md5
host all all 0.0.0.0/0 ldap ldapserver=ldap://subdomain.domain.tld ldapport=389 ldapbasedn="OU=ou2,OU=ou1,DC=subdomain,DC=domain,DC=tld" ldapbinddn="CN=ldap.user,OU=ou3,OU=ou1,DC=subdomain,DC=domain,DC=tld" ldapbindpasswd=pwd ldapsearchattribute=sAMAccountName
host all all ::/0 ldap ldapserver=ldap://subdomain.domain.tld ldapport=389 ldapbasedn="OU=ou2,OU=ou1,DC=subdomain,DC=domain,DC=tld" ldapbinddn="CN=ldap.user,OU=ou3,OU=ou1,DC=subdomain,DC=domain,DC=tld" ldapbindpasswd=pwd ldapsearchattribute=sAMAccountName
local all all md5
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
Then I'm creating a new user in my database without a password, as it is going to be provided by LDAP (at least I think so):
psql --username postgres
create role "name.surname" login;
Next I'm attempting to connect as the LDAP user inside the same container:
psql -h IP -U name.surname -d postgres
It returns an error:
psql: error: connection to server at "localhost" (127.0.0.1), port 5432 failed: FATAL: LDAP authentication failed for user "name.surname"
LOG: could not initialize LDAP: Bad parameter to an ldap routine
FATAL: LDAP authentication failed for user "name.surname"
DETAIL: Connection matched pg_hba.conf line 3: "host all all 0.0.0.0/0 ldap ldapserver=ldap://subdomain.domain.tld ldapport=389 ldapbasedn="OU=ou2,OU=ou1,DC=subdomain,DC=domain,DC=tld" ldapbinddn="CN=ldap.user,OU=ou3,OU=ou1,DC=subdomain,DC=domain,DC=tld" ldapbindpasswd=mypwd ldapsearchattribute=sAMAccountName"
I checked several articles and the official documentation. For example, the same thing is described here: https://www.strongdm.com/blog/connecting-postgres-to-active-directory-for-authentication and https://www.postgresql.fastware.com/blog/connecting-fep-to-ad-for-authentication-using-ldap; docs: https://www.postgresql.org/docs/12/auth-ldap.html
I've also checked the LDAP server with this command inside the container, and it works as expected:
ldapsearch -x -LLL -H ldap://subdomain.domain.tld:389 -D "CN=ldap.user,OU=ou3,OU=ou1,DC=subdomain,DC=domain,DC=tld" -w 'mypwd' -b "OU=ou2,OU=ou1,DC=subdomain,DC=domain,DC=tld" "(sAMAccountName=name.surname)"
I think the issue may be related to incorrect syntax in my pg_hba.conf for this specific service (it is even mentioned in the error, but I have no clue how I should adjust it; the articles mentioned above advised setting it up just like that). The same config works perfectly for MongoDB. I've also tried adding additional quotation marks around sAMAccountName and the password, using Postgres 15.0 instead of 15.5, and adding the port directly to POSTGRES_LDAP_SERVER in the format ldap://xxx:389. I also checked whether providing the IP in the format 10.0.88.5 works; it does not.
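As an added worked example (editor's code, not the poster's and not part of Bitnami or PostgreSQL), the script below parses the ldap records from the pg_hba.conf shown in the question and checks them against the option formats the PostgreSQL auth-ldap documentation describes: ldapserver is documented as a space-separated list of host names or IP addresses, and the URL form (scheme, host, port, base DN, search attribute in one RFC 4516 URL) is documented as the separate ldapurl option. It flags a scheme prefix inside ldapserver, a bind password configured without ldaptls=1 or ldapscheme=ldaps, and a record that matches clients from any address, and it emits an equivalent record written with ldapurl. The sample config is constructed from the question with its placeholder host and DNs; the finding codes are this script's own names, and whether the scheme prefix is the cause of the poster's "Bad parameter to an ldap routine" is not confirmed on this page. Nothing here contacts a server.

```python
import re
import shlex

# Constructed sample input: the records from the question above, with the same
# placeholder host and DNs. Nothing here contacts an LDAP or PostgreSQL server.
SAMPLE_PG_HBA = """\
# TYPE  DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
host all postgres 0.0.0.0/0 md5
host all all 0.0.0.0/0 ldap ldapserver=ldap://subdomain.domain.tld ldapport=389 ldapbasedn="OU=ou2,OU=ou1,DC=subdomain,DC=domain,DC=tld" ldapbinddn="CN=ldap.user,OU=ou3,OU=ou1,DC=subdomain,DC=domain,DC=tld" ldapbindpasswd=pwd ldapsearchattribute=sAMAccountName
local all all md5
"""

SCHEME_RE = re.compile(r"^(ldaps?)://(.*)$", re.IGNORECASE)
ANY_ADDRESS = {"0.0.0.0/0", "::/0", "all"}


def parse_hba_record(line):
    """Split one pg_hba.conf record into positional fields plus name=value
    auth options. shlex strips the double quotes pg_hba.conf allows around
    values. Assumption: the single-field ADDRESS form (CIDR or host name);
    the separate IP/netmask form is not handled. Returns None for blank or
    comment-only lines."""
    fields = shlex.split(line, comments=True)
    if not fields:
        return None
    if fields[0] == "local":
        keys, positional, rest = ("type", "database", "user", "method"), fields[:4], fields[4:]
    else:
        keys, positional, rest = ("type", "database", "user", "address", "method"), fields[:5], fields[5:]
    record = dict(zip(keys, positional))
    record.setdefault("address", None)
    record["options"] = {}
    for opt in rest:
        name, _, value = opt.partition("=")
        record["options"][name] = value
    return record


def check_ldap_record(record):
    """Return (code, message) findings for an ldap-method record. The format
    checks follow the PostgreSQL auth-ldap documentation; the finding codes
    are this script's own."""
    findings = []
    if record is None or record["method"] != "ldap":
        return findings
    opts = record["options"]
    server = opts.get("ldapserver", "")
    if SCHEME_RE.match(server):
        findings.append(("ldapserver-has-scheme",
                         f"ldapserver={server!r} carries a URL scheme; the documented value is a bare "
                         "host name or IP (use ldapurl=... for URL form, or ldapscheme=ldaps for TLS)"))
    uses_tls = (opts.get("ldaptls") == "1"
                or opts.get("ldapscheme", "").lower() == "ldaps"
                or opts.get("ldapurl", "").lower().startswith("ldaps://"))
    if "ldapbindpasswd" in opts and not uses_tls:
        findings.append(("cleartext-ldap",
                         "the bind DN password and each user's login password go to the LDAP server "
                         "without TLS; set ldaptls=1 or ldapscheme=ldaps"))
    if record["address"] in ANY_ADDRESS:
        findings.append(("any-address",
                         f"record matches clients from any address ({record['address']}); "
                         "narrow it to the networks that need LDAP logins"))
    return findings


def rewrite_as_ldapurl(record):
    """Re-emit a search+bind ldap record with host, port, base DN and search
    attribute folded into one ldapurl (ldap[s]://host:port/basedn?attr?sub),
    the documented alternative to the separate options. Other options such as
    ldapbinddn and ldapbindpasswd are kept as they were."""
    opts = dict(record["options"])
    server = opts.pop("ldapserver", "")
    m = SCHEME_RE.match(server)
    scheme, host = (m.group(1).lower(), m.group(2)) if m else (opts.get("ldapscheme", "ldap"), server)
    opts.pop("ldapscheme", None)
    port = opts.pop("ldapport", None) or ("636" if scheme == "ldaps" else "389")
    base_dn = opts.pop("ldapbasedn", "")
    attr = opts.pop("ldapsearchattribute", "uid")  # uid is the documented default
    url = f"{scheme}://{host}:{port}/{base_dn}?{attr}?sub"
    parts = [record["type"], record["database"], record["user"]]
    if record["address"]:
        parts.append(record["address"])
    parts += ["ldap", f'ldapurl="{url}"']
    for name, value in opts.items():
        parts.append(f'{name}="{value}"' if any(c in value for c in " ,") else f"{name}={value}")
    return " ".join(parts)


def scan(text):
    """Return [(line_number, record, findings)] for every ldap record in a
    pg_hba.conf body."""
    results = []
    for lineno, line in enumerate(text.splitlines(), 1):
        record = parse_hba_record(line)
        if record and record["method"] == "ldap":
            results.append((lineno, record, check_ldap_record(record)))
    return results


if __name__ == "__main__":
    for lineno, record, findings in scan(SAMPLE_PG_HBA):
        print(f"pg_hba.conf line {lineno}:")
        for code, message in findings:
            print(f"  [{code}] {message}")
        print("  ldapurl form:", rewrite_as_ldapurl(record))
```

Run it against the real file with `scan(open("/opt/bitnami/postgresql/conf/pg_hba.conf").read())` inside the container; the rewritten record is a candidate to try, and whichever form is used, the ldapbindpasswd value still sits in pg_hba.conf in clear text, so the file's permissions matter as much as the transport.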