Workflow for configuring LDAP search and bind

To configure your Vertica database to authenticate clients using LDAP search and bind, follow these steps:.

To configure your Vertica database to authenticate clients using LDAP search and bind, follow these steps:

  1. Obtain a service account. For information see the LDAP product documentation.

  2. From a Vertica node, run ldapsearch against your LDAP or AD server. Verify the connection to the server, and identify the values of relevant fields. Running ldapsearch helps you build the client authentication string needed to configure LDAP authentication.

    In the following example, ldapsearch returns the CN, DN, and sAMAccountName fields (if they exist) for any user whose CN contains the username, John. This search succeeds only for LDAP servers that allow anonymous binding:

    $ ldapsearch -x -h 10.10.10.10 -b 'OU=Vertica Users,DC=CompanyCorp,DC=com' -s sub -D
    'CompanyCorp\jsmith' -W '(cn=John*)' cn dn uid sAMAccountName
    
  3. Review the results that ldapsearch returns.The relevant information for search and bind is in bold:

    # extended LDIF
    #
    # LDAPv3
    # base <OU=Vertica Users,DC=CompanyCorp,DC=com> with scope subtree
    # filter: (cn=John*)
    # requesting: cn dn sAMAccountName
    #
    # John Smith, Vertica Users, CompanyCorp.com
    dn: CN=jsmith,OU=Vertica Users,DC=CompanyCorp,DC=com
    cn: Jsmith
    sAMAccountName: jsmith
    # search result
    search: 2
    result: 0 Success
    # numResponses: 2
    # numEntries: 1
    
  4. Create the client authentication record. The cn attribute contains the username you want—jsmith. Set your search attribute to the CN field so that the search finds the appropriate account.

    => CREATE AUTHENTICATION v_ldap_bind_search METHOD 'ldap' HOST '10.10.10.10';
    => GRANT AUTHENTICATION v_ldap_bind_search TO public;
    => ALTER AUTHENTICATION v_ldap_bind_search SET
    host='ldap://10.10.10.10',
    basedn='OU=Vertica,DC=CompanyCorp,DC=com',
    binddn='CN=jsmith,OU=Vertica Users,DC=CompanyCorp,DC=com',
    bind_password='password',
    search_attribute='CN';
    

For more information see LDAP Bind and Search Parameters