Configure LDAP Authentication
SynxDB Cloud supports Lightweight Directory Access Protocol (LDAP) authentication. This allows you to integrate your database and console access with your organization’s existing directory service (such as OpenLDAP or Active Directory), providing unified identity management.
This guide describes how to configure LDAP authentication in the DBaaS Admin Console, map SynxDB Cloud accounts to LDAP users, and log in using LDAP credentials.
Prerequisites
Before configuring LDAP authentication, ensure the following requirements are met:
LDAP server: You have a running LDAP server (for example, OpenLDAP) that is accessible from the SynxDB Cloud cluster.
Connection details: You have the necessary information to connect to the LDAP server, including:
Server URL (IP address or hostname) and port.
Base DN (distinguished name).
Manager DN and password (for searching the directory).
User search filter.
LDAP user: The user you intend to use for the database account must already exist in the LDAP directory.
Step 1. Configure LDAP connection
You need to register your LDAP server configuration in the DBaaS Admin Console first.
Log into the DBaaS Admin Console.
In the left navigation menu, click Auth Config.
Click + Create LDAP in the upper-right corner.
In the Create LDAP dialog, fill in the connection details:
Name: A unique name for this configuration (for example, ldap-server-01).
Url: The IP address or domain name of the LDAP server (for example, 192.168.199.113). Do not include the ldap:// prefix here.
Port: The port number of the LDAP server (default is usually 389 or 636 for SSL).
Base Dn: The root node for the search (for example, dc=rpa,dc=ibm,dc=com).
Manager Dn: The distinguished name of the user with permissions to search the directory (for example, cn=Manager,dc=rpa,dc=ibm,dc=com).
Manager Password: The password for the manager DN.
User Search Filter: The filter pattern used to locate users. Use $username as a placeholder for the input username. Example: (uid=$username)
Enabled: Toggle to Yes.
Click OK to save the configuration.
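The values entered in Step 1 can be checked from a shell before an account depends on them. The script below is an added example, not part of the SynxDB Cloud product or its documentation: it expands the User Search Filter for a given username and counts the directory entries that match. The function names are hypothetical, and it assumes the OpenLDAP ldapsearch client, RFC 4515 escaping of the substituted username, and LDAPS on port 636.

```shell
#!/bin/sh
# Added example: pre-flight check for the Create LDAP dialog values.
# Function names are hypothetical; nothing here is a SynxDB Cloud setting.

# Escape a value for use inside an LDAP search filter (RFC 4515).
escape_filter_value() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Expand every $username placeholder in the User Search Filter.
render_filter() {
    tmpl=$1; user=$(escape_filter_value "$2"); out=
    while :; do
        case $tmpl in
            *\$username*) head=${tmpl%%\$username*}
                          tmpl=${tmpl#*\$username}
                          out=$out$head$user ;;
            *) break ;;
        esac
    done
    printf '%s\n' "$out$tmpl"
}

# Reject field values the dialog description rules out (message on stderr).
check_fields() {   # check_fields URL PORT FILTER
    case $1 in ''|*://*) echo "Url: host or IP only, no scheme prefix" >&2; return 1 ;; esac
    case $2 in ''|*[!0-9]*) echo "Port: must be numeric" >&2; return 1 ;; esac
    case $3 in *\$username*) ;; *) echo "Filter: missing \$username" >&2; return 1 ;; esac
    return 0
}

# Print how many directory entries match the rendered filter (needs ldapsearch).
# Assumption: port 636 means LDAPS, any other port plain LDAP.
count_matches() {  # count_matches URL PORT BASE_DN MANAGER_DN FILTER USERNAME
    check_fields "$1" "$2" "$5" || return 2
    scheme=ldap; [ "$2" = 636 ] && scheme=ldaps
    # -W prompts for the manager password instead of taking it as an argument.
    ldapsearch -x -LLL -H "$scheme://$1:$2" -D "$4" -W -b "$3" \
        "$(render_filter "$5" "$6")" dn | grep -c '^dn:'
}

# Offline demo with the page's example filter and username.
render_filter '(uid=$username)' 'john'    # prints (uid=john)
```

Calling count_matches with the Step 1 values and the username planned for Step 2 shows whether that user is found under the Base DN; a result of 0 means the prerequisite that the LDAP user already exists is not met for this filter.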
Step 2. Create an account with LDAP authentication
Once the LDAP configuration is ready, you can create a new Account that uses LDAP for authentication instead of a local password.
Navigate to the Organizations page.
Select the target organization and click Create Account.
In the Create Account dialog, configure the following:
Account Name: Enter a name for the account (for example, ldap_acct).
User Name: Enter the exact username (UID) as it exists in your LDAP server (for example, john).
Authentication Type: Select LDAP Authentication.
LDAP Configuration: Select the configuration created in Step 1 (for example, ldap-server-01).
Fill in other required resource fields (for example, Cloud, Region, Metadata Type).
Click OK to provision the account.
Note
When an account is configured with LDAP authentication, the system will automatically configure the database’s pg_hba.conf file to allow access via the LDAP protocol.
Step 3. Provision compute resources
To use the account, you must create a warehouse and assign ownership to the LDAP user.
Go to the Account Detail page for the newly created account.
Switch to the Warehouses tab and click + Create Warehouse.
Fill in the warehouse details.
In the Warehouse Owner dropdown, select the LDAP user created in Step 2 (for example, john).
Click OK.
Step 4. Log in using LDAP credentials
After configuration, the user can log in to both the database and the web console using their LDAP password.
Login to Database
You can connect to the database using standard clients (like psql or JDBC/ODBC).
Host: The coordinator host or load balancer IP.
Port: The database port (for example, 5432).
Database: postgres (or your specific database).
User: The LDAP username (for example, qiang).
Password: The user’s LDAP password.
Example (psql):
export PGPASSWORD='<your_ldap_password>'
psql -h <coordinator_host> -p 5432 -d postgres -U qiang
Login to DBaaS User Console
To access the SynxDB Cloud DBaaS User Console:
Navigate to the DBaaS User Console login page.
Organization Name: Enter the organization name.
Login Name: Enter the login name in the format username@account_name. Example: If the LDAP user is john and the Account Name created in Step 2 is ldap, enter john@ldap.
Password: Enter the user’s LDAP password.
Click Login.