LDAP Authentication

When LDAP authentication is enabled, LDAP is used to transparently authenticate logins for users who do not have local passwords. Any user account that has a database local password will be authenticated by the database, bypassing LDAP authentication. In either case, the user must first exist in Yellowbrick. If you want LDAP users to be automatically created in Yellowbrick, you can enable LDAP synchronization.

Before enabling LDAP authentication, Yellowbrick recommends that you create one or more superusers with local passwords. These user accounts will bypass LDAP authentication; regardless of the functional state of the LDAP server, these designated superusers will be able to log into and administer the database. Therefore, the yellowbrick superuser is typically not set up as an LDAP user.

If you have existing database user accounts that are currently authenticated by the database but you want them to switch to LDAP authentication, set their passwords to NULL. For example, if brick is a database user with the local password yellow, and you want future logins with this account to use LDAP authentication, run the following ALTER ROLE command:

premdb# alter role brick with password null;
ALTER ROLE

Alternatively, you can use the Users tab in the SMC to make this change. (Note that the authentication change may not be immediate and could take a minute to apply in the system.)

For information about default users that are created on a Yellowbrick cluster, see User Accounts.

Common Errors with LDAP Authentication

If a login attempt is made for a user account that exists in the LDAP directory but does not exist in Yellowbrick, the system returns an error. For example:

FATAL: role "dummy.user" does not exist

If a login attempt occurs with a username that does not exist in the LDAP directory, or an incorrect password is applied, the system returns an error. For example:

LDAP authentication failed for user "some_user"

In This Section

Parent topic:LDAP Integration

Setting Up Encryption

Creating an Alert Endpoint

config

Secure Connections for ODBC/JDBC Clients and ybsql

LDAP Authentication

Synchronizing Users and Groups

Running a Bulk Load

Loading Tables from Parquet Files

ybload Command

Bulk Load Examples

Loading from Amazon S3

Loading from Azure Blob Storage

Setting Up the ybrelay Service

Setting up and Running a Spark Job

Creating WLM Resource Pools

Creating WLM Rules

Rule Examples

DECIMAL

Data Type Casting

SQL String Constants

CREATE EXTERNAL TABLE

CREATE TABLE

GRANT

SELECT

GROUP BY Clause

Subqueries

SHOW

SQL Conditions

String Functions

ENCRYPT_KS

Pattern Matching

SQL Operators and Pattern Matching Functions

Regular Expression Details

Datetime Functions

Mathematical Functions

Aggregate Functions

Window Functions

Conditional Expressions

Formatting Functions

JSON Functions

System Functions

Network Address Functions

LDAP Authentication ​

Common Errors with LDAP Authentication ​

LDAP Authentication

Common Errors with LDAP Authentication