This document describes errors you might encounter when you integrate Active Directory in AlloyDB Omni. Examples of errors and recommended fixes are also provided.
Active Directory isn't working
Description
Active Directory isn't working in AlloyDB Omni because of incorrect pg_hba.conf entries. If the entries that you added to the pg_hba.conf file aren't valid, AlloyDB for PostgreSQL ignores those entries. As a result, the specified authentication mechanism won't work.
Recommended fix
To view the error message, including information about how to resolve the issue, sign in to psql and run the following command:
docker exec -it alloydb_docs psql -h localhost -U postgres
psql (16.3)
Type "help" for help.

postgres=# table pg_hba_file_rules ;
 rule_number |              file_name               | line_number |  type   | database |     user_name      |  address  |                 netmask                 | auth_method |         options          |                        error
-------------+--------------------------------------+-------------+---------+----------+--------------------+-----------+-----------------------------------------+-------------+--------------------------+-----------------------------------------------------
           1 | /var/lib/postgresql/data/pg_hba.conf |           1 | host    | {all}    | {alloydbadmin}     | 127.0.0.1 | 255.255.255.255                         | trust       |                          |
             | /var/lib/postgresql/data/pg_hba.conf |           2 | hostssl | {all}    | {alloydbadmin}     | ::1       | ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff | trust       |                          | hostssl record cannot match because SSL is disabled
             | /var/lib/postgresql/data/pg_hba.conf |           3 | hostssl | {all}    | {alloydbpgbouncer} | 0.0.0.0   | 0.0.0.0                                 | cert        | {clientcert=verify-full} | hostssl record cannot match because SSL is disabled
             | /var/lib/postgresql/data/pg_hba.conf |           4 | hostssl | {all}    | {alloydbpgbouncer} | ::1       | ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff | cert        | {clientcert=verify-full} | hostssl record cannot match because SSL is disabled
             | /var/lib/postgresql/data/pg_hba.conf |           5 | hostssl | {all}    | {alloydbadmin}     | all       |                                         | reject      |                          | hostssl record cannot match because SSL is disabled
             | /var/lib/postgresql/data/pg_hba.conf |           6 |         |          |                    |           |                                         |             |                          | invalid CIDR mask in address "0.0.0.0/1000"
           2 | /var/lib/postgresql/data/pg_hba.conf |           7 | local   | {all}    | {all}              |           |                                         | trust       |                          |
psql: error: connection to server on socket "/tmp/.s.PGSQL.5432" failed: FATAL: role "user2" does not exist
Description
This error occurs when a system user, who is trying to connect, doesn't have a PostgreSQL user created, or doesn't have a role mapped.
Recommended fix
Create a role in PostgreSQL with the required username, or add an entry for this user to the pg_ident.conf file.
psql (16.3)
Type "help" for help.
postgres=# CREATE ROLE user2 WITH LOGIN;
CREATE ROLE
Server restart fails with error: "could not load /var/lib/postgresql/data/pg_hba.conf"
Description
The server restart failed because the pg_hba.conf file contains invalid entries.
Recommended fix
Check the pg_hba.conf file for invalid entries.
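When the server won't start, pg_hba_file_rules can't be queried, so the file has to be checked offline. The following Python check is an added example, not part of AlloyDB Omni or PostgreSQL; the names lint_pg_hba, parse_ip and SAMPLE are hypothetical, and the sample records are constructed. It goes beyond the single error shown earlier and validates the record type, the CIDR mask or netmask, and the authentication method, but it doesn't follow include directives or validate options.

```python
import ipaddress
import shlex

RECORD_TYPES = {"local", "host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}
AUTH_METHODS = {"trust", "reject", "scram-sha-256", "md5", "password", "gss", "sspi",
                "ident", "peer", "ldap", "radius", "cert", "pam", "bsd"}

def parse_ip(text):  # returns None when text is not an IP literal
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def lint_pg_hba(text):
    """Return [(line_number, message)] for records PostgreSQL would reject."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        try:
            fields = shlex.split(raw, comments=True)  # handles quotes and '#'
        except ValueError as exc:
            findings.append((lineno, f"unparsable line: {exc}"))
            continue
        if not fields or fields[0].startswith("include"):
            continue  # blank, comment, or include directive (not followed here)
        rtype, rest = fields[0], fields[3:]  # rest follows type, database, user
        if rtype not in RECORD_TYPES:
            findings.append((lineno, f'invalid connection type "{rtype}"'))
            continue
        if rtype != "local" and rest:
            addr, rest = rest[0], rest[1:]
            ip_text, slash, bits = addr.partition("/")
            ip = parse_ip(ip_text)
            if slash and (ip is None or not bits.isdecimal() or int(bits) > ip.max_prefixlen):
                what = "IP address" if ip is None else "CIDR mask"
                findings.append((lineno, f'invalid {what} in address "{addr}"'))
                continue
            if ip is not None and not slash:  # bare IP: next field is the netmask
                if not rest or parse_ip(rest[0]) is None:
                    findings.append((lineno, f'missing or invalid netmask for "{addr}"'))
                    continue
                rest = rest[1:]
        if not rest or rest[0] not in AUTH_METHODS:
            findings.append((lineno, "missing or unknown authentication method"))
    return findings

# Constructed sample; line 2 reproduces the bad mask from the output above.
SAMPLE = """\
host    all  alloydbadmin  127.0.0.1 255.255.255.255  trust
host    all  all           0.0.0.0/1000               gss include_realm=0
local   all  all                                      trust"""
```

Pass the contents of pg_hba.conf to lint_pg_hba and fix each reported line before restarting the server.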