Map for SSPI - fatal: role does not exist - case issue


I use the pg_ident.conf file (PostgreSQL 12, OS Windows Server 2019) to map users for SSPI this way:

# MAPNAME       SYSTEM-USERNAME         PG-USERNAME
MapForSSPI      someone@COMPANY         someone

Recently I had to add a new user, which I did exactly the same way as usual. I created the role "newsomeone" via pgAdmin, added membership properly, and added the user to pg_ident.conf as:

MapForSSPI      newsomeone@COMPANY         newsomeone

But when this user tried to connect:

FATAL:  role "NewSomeone" does not exist

Please be aware of CASE. With further testing I realized the OS login is really set up as NewSomeone@COMPANY, but what I really do not understand is why this login with capital letters is not mapped to my lowercase login "newsomeone". When I created a new role "NewSomeone" via pgAdmin without any change to pg_ident.conf, the connection was successful.

How is it possible that with PG-USERNAME "newsomeone" specified in lowercase in pg_ident.conf it looks for role "NewSomeone" (as in OS login)?

jjanes On BEST ANSWER

pg_ident.conf is there to allow the system-authenticated user to log in as a specific requested database user, when the spelling of the two doesn't match. It is not there to rewrite the requested database user into a different database user.

As long as your client is demanding to log in as database user "NewSomeone", either it will succeed as that user, or it will fail as that user. It will not pick a different name to log in as.

You need to fix your client connection code (which you didn't show) so that it attempts to log in with the correct spelling.
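
Added example (not part of the answer above and not PostgreSQL's own code): a simplified Python model of the map as a yes/no check on the role the client requested, followed by a lookup of that same requested name. It assumes literal map entries only, that the map comparison under SSPI ignores case, and that the role lookup afterwards is exact; the function names, the `ROLES` set and the sample data are constructed for illustration.

```python
# Simplified model, added for illustration; not PostgreSQL source code.
# Constructed sample mirroring the map lines quoted in the question.
PG_IDENT = """
# MAPNAME       SYSTEM-USERNAME         PG-USERNAME
MapForSSPI      someone@COMPANY         someone
MapForSSPI      newsomeone@COMPANY      newsomeone
"""

def parse_ident(text):
    """Return (mapname, system_user, pg_user) tuples from pg_ident.conf text."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"malformed map line: {line!r}")
        entries.append(tuple(fields))
    return entries

def map_allows(entries, mapname, system_user, requested_role, caseless=True):
    """Yes/no gate: may system_user connect as requested_role?
    It never returns or substitutes a role name."""
    norm = str.lower if caseless else (lambda s: s)  # caseless=True is an assumption
    return any(
        m == mapname
        and norm(sysname) == norm(system_user)
        and norm(pgname) == norm(requested_role)
        for m, sysname, pgname in entries
    )

def connect(entries, roles, mapname, system_user, requested_role):
    """Check the map, then look up the role exactly as the client spelled it."""
    if not map_allows(entries, mapname, system_user, requested_role):
        return f'FATAL:  SSPI authentication failed for user "{requested_role}"'
    if requested_role not in roles:            # exact, case-sensitive lookup
        return f'FATAL:  role "{requested_role}" does not exist'
    return f"connected as {requested_role}"

ENTRIES = parse_ident(PG_IDENT)
ROLES = {"someone", "newsomeone"}   # hypothetical set of roles in the database
OS_LOGIN = "NewSomeone@COMPANY"     # OS login as spelled in the question

if __name__ == "__main__":
    for requested in ("NewSomeone", "newsomeone", "someone"):
        print(requested, "->", connect(ENTRIES, ROLES, "MapForSSPI", OS_LOGIN, requested))
```

In this model the requested name is only ever an input: requesting "NewSomeone" passes the map check and then fails the exact role lookup, while requesting "newsomeone" connects.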