Configuring LDAP authentication in YugabyteDB YSQL

How can I use LDAP with YugabyteDB?

I tried running yb-tserver:

./yb-tserver --flagfile tserver.conf --ysql_hba_conf_csv="host all yugabyte 127.0.0.1/32 trust,host all all 0.0.0.0/0 ldap ldapserver=domane.name.local ldapport=389 ldapprefix=uid= ldapsuffix=,cn=Tech_username,dc=name,dc=local" >& /hdd/yugabyted/yb-tserver.out &

After that I try to log in, but I get an error:

./ysqlsh -U yugabyte -W
Password: 
ysqlsh: could not connect to server: Connection refused
    Is the server running on host "localhost" (::1) and accepting
    TCP/IP connections on port 5433?
could not connect to server: Connection refused
    Is the server running on host "localhost" (127.0.0.1) and accepting
    TCP/IP connections on port 5433?

This is the hba file:

at /hdd/yugabyted/pg_data/ysql_hba.conf
# This is an autogenerated file, do not edit manually!
# Internal configuration:
# local all postgres yb-tserver-key
host all yugabyte 127.0.0.1/32 trust
host all all 0.0.0.0/0 ldap ldapserver=domane.name.local ldapport=389 ldapprefix=uid= ldapsuffix=
cn=Tech_username
dc=name
dc=local
local all yugabyte trust

I see many log files being generated.

Using YugabyteDB 2024.2.1.0, doing everything according to this article: https://docs.yugabyte.com/preview/secure/authentication/ldap-authentication-ysql/

Answer

Authentication errors will be in the postgres*.log files. It looks like you have an error in your hba config at first blush because you have postgres logs cycling one after another in your listing above.

If you are using a --flagfile — you can put the yb_hba_conf_csv in that file.

This config works for me:

'ysql_hba_conf_csv="host all all 0.0.0.0/0 ldap ldapserver=ldap.jumpcloud.com ldapprefix=""uid="" ldapsuffix="",ou=Users,o=61df0dd048c2e962e17b0129,dc=jumpcloud,dc=com"" ldapport=389"'

You can create a free account on jumpcloud.com to test it.
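The autogenerated hba file in the question shows the LDAP rule cut into separate lines at every comma of `ldapsuffix`, while the answer's value protects those commas with CSV quoting. The following check is an added example, not part of the original post or of YugabyteDB: it models the flag value with Python's standard `csv` quoting rules (an assumption about the parsing), and the function names and the quoted variant of the question's rule are constructed for illustration.

```python
import csv

# Connection types that may start a pg_hba-style record.
HBA_TYPES = {"local", "host", "hostssl", "hostnossl"}


def split_hba_csv(value):
    """Split a ysql_hba_conf_csv value into records using standard CSV quoting
    (assumption: commas separate records, "..." protects commas, "" is a literal quote)."""
    return [rec.strip() for rec in next(csv.reader([value])) if rec.strip()]


def lint_hba_csv(value):
    """Return (records, fragments); fragments are records that do not start with
    an HBA connection type, i.e. pieces cut off by an unquoted comma."""
    records = split_hba_csv(value)
    fragments = [r for r in records if r.split()[0] not in HBA_TYPES]
    return records, fragments


# Value from the question: the commas inside ldapsuffix are not quoted.
UNQUOTED = (
    'host all yugabyte 127.0.0.1/32 trust,'
    'host all all 0.0.0.0/0 ldap ldapserver=domane.name.local ldapport=389 '
    'ldapprefix=uid= ldapsuffix=,cn=Tech_username,dc=name,dc=local'
)

# Constructed: the same rule written with the quoting pattern from the answer.
QUOTED = (
    'host all yugabyte 127.0.0.1/32 trust,'
    '"host all all 0.0.0.0/0 ldap ldapserver=domane.name.local '
    'ldapprefix=""uid="" ldapsuffix="",cn=Tech_username,dc=name,dc=local"" ldapport=389"'
)

if __name__ == "__main__":
    for label, value in (("unquoted", UNQUOTED), ("quoted", QUOTED)):
        records, fragments = lint_hba_csv(value)
        print(f"{label}: {len(records)} record(s), {len(fragments)} fragment(s)")
        for rec in records:
            print("   ", "BAD " if rec in fragments else "ok  ", rec)
```

Running the same check on a value before passing it to yb-tserver catches split rules without having to read the postgres*.log files afterwards.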
