Discussion: unrecognized configuration parameter "ldapbinddn" in file "/var/lib/pgsql/data/postgresql.conf"
Hi,

I'm trying to use LDAP to authenticate Postgres against a Windows AD. On elder versions it succeeded.
Now I'm running postgresql-15-150500.8.19.noarch on a SLES 15 SP5 system.
I can't start the db server because it doesn't know the respective configuration parameters:

Nov 02 20:42:15 geneious postgresql-script[15577]: 2023-11-02 19:42:15.387 GMT [15577] LOG: unrecognized configuration parameter "ldapbinddn" in file "/var/lib/pgsql/data/postgresql.conf" line 106
Nov 02 20:42:15 geneious postgresql-script[15577]: 2023-11-02 19:42:15.387 GMT [15577] LOG: unrecognized configuration parameter "ldapserver" in file "/var/lib/pgsql/data/postgresql.conf" line 108
Nov 02 20:42:15 geneious postgresql-script[15577]: 2023-11-02 19:42:15.387 GMT [15577] LOG: unrecognized configuration parameter "ldapport" in file "/var/lib/pgsql/data/postgresql.conf" line 110
Nov 02 20:42:15 geneious postgresql-script[15577]: 2023-11-02 19:42:15.387 GMT [15577] LOG: unrecognized configuration parameter "ldaptls" in file "/var/lib/pgsql/data/postgresql.conf" line 112
Nov 02 20:42:15 geneious postgresql-script[15577]: 2023-11-02 19:42:15.387 GMT [15577] LOG: unrecognized configuration parameter "ldapbasedn" in file "/var/lib/pgsql/data/postgresql.conf" line 114
Nov 02 20:42:15 geneious postgresql-script[15577]: 2023-11-02 19:42:15.387 GMT [15577] LOG: unrecognized configuration parameter "ldapbindpasswd" in file "/var/lib/pgsql/data/postgresql.conf" line 116
Nov 02 20:42:15 geneious postgresql-script[15577]: 2023-11-02 19:42:15.387 GMT [15577] FATAL: configuration file "/var/lib/pgsql/data/postgresql.conf" contains errors
Nov 02 20:42:15 geneious postgresql-script[15575]: pg_ctl: could not start server
Nov 02 20:42:15 geneious postgresql-script[15575]: Examine the log output.
Nov 02 20:42:15 geneious systemd[1]: postgresql.service: Control process exited, code=exited, status=1/FAILURE

Here is my setup from postgresql.conf:

ldapbinddn = 'xxxxxxxxxxx'
ldapserver = ldaps.scidom.de
ldapport = 636
ldaptls = 1
ldapbasedn = 'xxxxxxxxx'
ldapbindpasswd = 'xxxxxxxxxxxxxxxxx'

I took the parameters from the doc from the official webpage.
Do I need to switch on LDAP in a certain way?

Thanks for any idea.

Bernd

Bernd Lentes

--
Bernd Lentes
System Administrator
MCD
Helmholtzzentrum München
+49 89 3187 1241
bernd.lentes@helmholtz-munich.de
https://www.helmholtz-munich.de/en/mcd

Helmholtz Zentrum München – Deutsches Forschungszentrum für Gesundheit und Umwelt (GmbH)
Ingolstädter Landstraße 1, D-85764 Neuherberg, https://www.helmholtz-munich.de
Management: Prof. Dr. med. Dr. h.c. Matthias Tschöp | Chair of the Supervisory Board: MinDir’in Prof. Dr. Veronika von Messling
Register court: Amtsgericht München HRB 6466 | VAT ID: DE 129521671

On Thu, Nov 2, 2023 at 07:56:40PM +0000, Bernd Lentes wrote:
> Hi,
>
> I'm trying to use LDAP to authenticate Postgres against a Windows AD. On elder versions it succeeded.
> Now I'm running postgresql-15-150500.8.19.noarch on a SLES 15 SP5 system.
> I can't start the db server because it doesn't know the respective configuration parameters:
>
> Nov 02 20:42:15 geneious postgresql-script[15577]: 2023-11-02 19:42:15.387 GMT [15577] LOG: unrecognized configuration parameter "ldapbinddn" in file "/var/lib/pgsql/data/postgresql.conf" line 106
> Nov 02 20:42:15 geneious postgresql-script[15577]: 2023-11-02 19:42:15.387 GMT [15577] LOG: unrecognized configuration parameter "ldapserver" in file "/var/lib/pgsql/data/postgresql.conf" line 108
> Nov 02 20:42:15 geneious postgresql-script[15577]: 2023-11-02 19:42:15.387 GMT [15577] LOG: unrecognized configuration parameter "ldapport" in file "/var/lib/pgsql/data/postgresql.conf" line 110
> Nov 02 20:42:15 geneious postgresql-script[15577]: 2023-11-02 19:42:15.387 GMT [15577] LOG: unrecognized configuration parameter "ldaptls" in file "/var/lib/pgsql/data/postgresql.conf" line 112
> Nov 02 20:42:15 geneious postgresql-script[15577]: 2023-11-02 19:42:15.387 GMT [15577] LOG: unrecognized configuration parameter "ldapbasedn" in file "/var/lib/pgsql/data/postgresql.conf" line 114
> Nov 02 20:42:15 geneious postgresql-script[15577]: 2023-11-02 19:42:15.387 GMT [15577] LOG: unrecognized configuration parameter "ldapbindpasswd" in file "/var/lib/pgsql/data/postgresql.conf" line 116
> Nov 02 20:42:15 geneious postgresql-script[15577]: 2023-11-02 19:42:15.387 GMT [15577] FATAL: configuration file "/var/lib/pgsql/data/postgresql.conf" contains errors
> Nov 02 20:42:15 geneious postgresql-script[15575]: pg_ctl: could not start server
> Nov 02 20:42:15 geneious postgresql-script[15575]: Examine the log output.
> Nov 02 20:42:15 geneious systemd[1]: postgresql.service: Control process exited, code=exited, status=1/FAILURE
>
> Here is my setup from postgresql.conf:
>
> ldapbinddn = 'xxxxxxxxxxx'
> ldapserver = ldaps.scidom.de
> ldapport = 636
> ldaptls = 1
> ldapbasedn = 'xxxxxxxxx'
> ldapbindpasswd = 'xxxxxxxxxxxxxxxxx'
>
> I took the parameters from the doc from the official webpage.
> Do I need to switch on LDAP in a certain way?

Okay, I am going to take a wild guess here, but the line numbers of the errors skip by 2 (e.g., 106, 108), while the example you showed has them in adjacent lines. Could there be invalid characters in the file contents?

--
Bruce Momjian <bruce@momjian.us> https://momjian.us
EDB https://enterprisedb.com

Only you can decide what is important to you.

RE: unrecognized configuration parameter "ldapbinddn" in file "/var/lib/pgsql/data/postgresql.conf"
From: "Capobianco, Tony"
Shouldn't the ldap string be in the pg_hba.conf file?

https://www.enterprisedb.com/postgres-tutorials/how-connect-postgres-ldap-starttls

Tony

On Thu, 2023-11-02 at 19:56 +0000, Bernd Lentes wrote:
> I'm trying to use LDAP to authenticate Postgres against a Windows AD. On elder versions it succeeded.

Possible ...

> Now I'm running postgresql-15-150500.8.19.noarch on a SLES 15 SP5 system.
> I can't start the db server because it doesn't know the respective configuration parameters:
>
> LOG: unrecognized configuration parameter "ldapbinddn" in file "/var/lib/pgsql/data/postgresql.conf" line 106
> [...]
> FATAL: configuration file "/var/lib/pgsql/data/postgresql.conf" contains errors

... but in those older versions you couldn't have had the parameter in "postgresql.conf".

They belong in "pg_hba.conf"; see the documentation:
https://www.postgresql.org/docs/current/auth-ldap.html

Yours,
Laurenz Albe

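Added example, not part of the thread: a Python check for the mistake diagnosed above. It finds pg_hba.conf LDAP options that were set in postgresql.conf, assembles the pg_hba.conf record that should carry them, and flags StartTLS being requested on the LDAPS port. The sample file contents, the `hostssl all all 0.0.0.0/0` prefix and the function names are assumptions made for illustration.

```python
import re

# Options of pg_hba.conf's "ldap" method; none is a postgresql.conf parameter.
LDAP_HBA_OPTIONS = {
    "ldapserver", "ldapport", "ldapscheme", "ldaptls", "ldapprefix", "ldapsuffix",
    "ldapbasedn", "ldapbinddn", "ldapbindpasswd", "ldapsearchattribute",
    "ldapsearchfilter", "ldapurl",
}
# postgresql.conf syntax: name [=] value, value optionally single-quoted, "#" starts a comment.
SETTING = re.compile(r"^\s*([A-Za-z_]\w*)\s*=?\s*('(?:[^']|'')*'|[^\s#']+)")

# Constructed sample mirroring the settings in the post; every value is a placeholder.
SAMPLE_CONF = """\
ldapbinddn = 'CN=svc-pg,OU=Service Accounts,DC=example,DC=org'
ldapserver = ldap.example.org
ldapport = 636   # conventional LDAPS port
ldaptls = 1
ldapbasedn = 'DC=example,DC=org'
#ldapbindpasswd = 'commented out, so not picked up'
"""

def misplaced_ldap_settings(conf_text):
    """Map each LDAP option set in postgresql.conf text to (line number, value)."""
    found = {}
    for line_no, line in enumerate(conf_text.splitlines(), start=1):
        m = SETTING.match(line)
        if m and m.group(1).lower() in LDAP_HBA_OPTIONS:
            value = m.group(2)
            if value.startswith("'"):
                value = value[1:-1].replace("''", "'")
            found[m.group(1).lower()] = (line_no, value)
    return found

def hba_record(found, prefix="hostssl all all 0.0.0.0/0"):
    """Build a pg_hba.conf record carrying the same options; prefix is a placeholder."""
    opts = []
    for name, (_, value) in sorted(found.items()):
        quoted = '"' + value.replace('"', '""') + '"'
        opts.append(f"{name}={value}" if re.fullmatch(r"[\w.:/-]+", value) else f"{name}={quoted}")
    return " ".join([prefix, "ldap", *opts])

def tls_note(found):
    """Flag StartTLS (ldaptls=1) requested on 636, the conventional LDAPS port."""
    if found.get("ldaptls", (0, ""))[1] == "1" and found.get("ldapport", (0, ""))[1] == "636":
        return "ldaptls=1 requests StartTLS; LDAPS on port 636 is selected with ldapscheme=ldaps"
    return None

if __name__ == "__main__":
    print(hba_record(misplaced_ldap_settings(SAMPLE_CONF)))
```

Values containing spaces, commas or "=" are double-quoted in the generated record, as pg_hba.conf requires for distinguished names.
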
>-----Original Message-----
>From: Laurenz Albe <laurenz.albe@cybertec.at>
>Sent: Thursday, November 2, 2023 9:37 PM
>To: Bernd Lentes <bernd.lentes@helmholtz-muenchen.de>; Pgsql-admin <pgsql-admin@lists.postgresql.org>
>Subject: Re: unrecognized configuration parameter "ldapbinddn" in file "/var/lib/pgsql/data/postgresql.conf"
>
>They belong in "pg_hba.conf"; see the documentation:
>https://www.postgresql.org/docs/current/auth-ldap.html

Yes. Thanks.

Bernd

Greetings,

* Bernd Lentes (bernd.lentes@helmholtz-muenchen.de) wrote:
> I'm trying to use LDAP to authenticate Postgres against a Windows AD. On elder versions it succeeded.

You really shouldn't use the 'ldap' auth method in PostgreSQL as it involves passing around a cleartext password to work. With Windows AD, you can use Kerberos which is what all of the Microsoft applications use for authentication too, avoids users having to ever enter in their password, avoids having users end up saving their domain password into client tools like pgAdmin, and is just overall far, far, better and much more secure.

Note that in PostgreSQL, the Kerberos auth method is 'gssapi'.

Thanks,

Stephen
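
Added example, not part of the thread: a Python audit of pg_hba.conf for the concern raised in the message above. It lists the rules whose method makes the client hand its actual password to the server, and whether the connection type also matches unencrypted TCP. The sample records, the exposure labels and the function names are assumptions made for illustration.

```python
import ipaddress
import shlex

# Methods where the client sends its actual password to the server, which checks it
# or passes it on to LDAP/PAM/RADIUS/BSD auth. Kerberos (keyword "gss") is not one.
PASSWORD_TO_SERVER = {"password", "ldap", "pam", "radius", "bsd"}
# Connection types that also match TCP connections without SSL.
MAY_BE_UNENCRYPTED = {"host", "hostnossl", "hostnogssenc"}

# Constructed pg_hba.conf sample; servers, networks and realm are placeholders.
SAMPLE_HBA = """\
local    all  all                        peer
host     all  all  10.0.0.0/8            ldap ldapserver=ldap.example.org ldapbasedn="DC=example,DC=org"
hostssl  all  all  10.1.0.0 255.255.0.0  ldap ldapserver=ldap.example.org ldapbasedn="DC=example,DC=org"
hostssl  all  all  10.2.0.0/16           gss include_realm=0 krb_realm=EXAMPLE.ORG
"""

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def rules(hba_text):
    """Yield (line number, connection type, auth method) for each record."""
    for line_no, line in enumerate(hba_text.splitlines(), start=1):
        fields = shlex.split(line, comments=True)  # close enough to pg_hba.conf quoting here
        if len(fields) < 4 or fields[0].startswith("include"):
            continue
        if fields[0] == "local":
            at = 3  # local records have no address column
        else:
            at = 5 if len(fields) > 5 and is_ip(fields[4]) else 4  # 5: IP + netmask form
        if at < len(fields):
            yield line_no, fields[0], fields[at]

def password_exposure(hba_text):
    """List (line, method, exposure) for rules that make clients hand over a password."""
    findings = []
    for line_no, conn, method in rules(hba_text):
        if method in PASSWORD_TO_SERVER:
            exposure = "network-cleartext-possible" if conn in MAY_BE_UNENCRYPTED else "server-sees-password"
            findings.append((line_no, method, exposure))
    return findings

if __name__ == "__main__":
    print(*password_exposure(SAMPLE_HBA), sep="\n")
```
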