Saturday, January 04, 2025

Fixing LDAP auth for Postgres with AD

I've spent hours trying to find out why I couldn't get Postgres LDAP auth to work against a Samba Active Directory server in one setup (it worked well against a Samba Active Directory in another...).

I kept getting this in Postgres' logs:

2025-01-04 19:03:32.037 CET [58282] LOG:  could not search LDAP with scope 2 for filter "(sAMAccountName=troels)" on server "dcsrv.test": Operations error
2025-01-04 19:03:32.037 CET [58282] DETAIL:  LDAP diagnostics: 00002020: Operation unavailable without authentication

Adding this line in /etc/ldap/ldap.conf made things work:

REFERRALS off

In Red Hat derived Linux distributions, the path to ldap.conf is /etc/openldap/ldap.conf.
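An added helper for applying the fix above (this is example code, not from the original post): it sets exactly one active "REFERRALS off" line in an OpenLDAP client config, replacing any existing REFERRALS directive while leaving commented-out lines untouched, and reports the effective value afterwards. The file path is an argument so it can be tried on a copy before editing /etc/ldap/ldap.conf or /etc/openldap/ldap.conf; the script name is assumed.

```shell
#!/bin/sh
# Example code (not from the original post): idempotently set "REFERRALS off"
# in an OpenLDAP client configuration file such as /etc/ldap/ldap.conf
# (Debian/Ubuntu) or /etc/openldap/ldap.conf (Red Hat derived).

# referrals_status FILE
# Print the value of the last active REFERRALS directive in FILE, lower-cased
# ("on"/"off"), or "unset" if there is none. Commented lines are ignored
# because their first field starts with "#".
referrals_status() {
    awk 'tolower($1) == "referrals" { v = tolower($2) }
         END { print (v == "" ? "unset" : v) }' "$1"
}

# ensure_referrals_off FILE
# Remove every active REFERRALS line (any case, any value), then append
# "REFERRALS off". Running it twice leaves the file unchanged.
ensure_referrals_off() {
    file="$1"
    tmp="${file}.tmp.$$"
    [ -f "$file" ] || : > "$file"
    # grep -v exits 1 when nothing survives the filter (empty file), which
    # is not an error here, hence "|| true".
    grep -v -i '^[[:space:]]*referrals[[:space:]]' "$file" > "$tmp" || true
    printf 'REFERRALS off\n' >> "$tmp"
    mv "$tmp" "$file"
}

# Usage: sh fix-referrals.sh /etc/ldap/ldap.conf   (name assumed)
if [ "$#" -eq 1 ]; then
    ensure_referrals_off "$1"
    echo "REFERRALS is now: $(referrals_status "$1")"
fi
```

After running it, restart or reload Postgres so the server-side libldap picks up the new client configuration, then retry a login and check that the "Operations error" / "00002020" pair no longer appears in the log.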

For why this makes a difference, search for "referrals" in the Python FAQ.

(I'm getting the impression it would be nice if "off" was the default for REFERRALS.)