Neste documento, descrevemos os erros que podem ocorrer ao integrar o Active
Directory ao AlloyDB Omni. Exemplos de erros e correções recomendadas
também são apresentados.
O Active Directory não está funcionando
Descrição
O Active Directory não está funcionando no AlloyDB Omni devido a entradas pg_hba.conf incorretas. Se as entradas adicionadas ao arquivo pg_hba.conf não forem válidas, o AlloyDB para PostgreSQL as ignorará. Como
resultado, o mecanismo de autenticação especificado não vai funcionar.
Correção recomendada
Para conferir a mensagem de erro, incluindo informações sobre como resolver o problema,
faça login em psql e execute o seguinte comando:
[[["Fácil de entender","easyToUnderstand","thumb-up"],["Meu problema foi resolvido","solvedMyProblem","thumb-up"],["Outro","otherUp","thumb-up"]],[["Difícil de entender","hardToUnderstand","thumb-down"],["Informações incorretas ou exemplo de código","incorrectInformationOrSampleCode","thumb-down"],["Não contém as informações/amostras de que eu preciso","missingTheInformationSamplesINeed","thumb-down"],["Problema na tradução","translationIssue","thumb-down"],["Outro","otherDown","thumb-down"]],["Última atualização 2025-09-04 UTC."],[],[],null,["Select a documentation version: 16.3.0keyboard_arrow_down\n\n- [Current (16.8.0)](/alloydb/omni/kubernetes/current/docs/troubleshoot-active-directory-integration)\n- [16.8.0](/alloydb/omni/kubernetes/16.8.0/docs/troubleshoot-active-directory-integration)\n- [16.3.0](/alloydb/omni/kubernetes/16.3.0/docs/troubleshoot-active-directory-integration)\n\n\u003cbr /\u003e\n\n|\n| **Preview\n| --- [AlloyDB Omni](/alloydb/omni/kubernetes/16.3.0/docs/overview)**\n|\n|\n| This feature is\n|\n| subject to the \"Pre-GA Offerings Terms\" in the General Service Terms section of the\n| [Service Specific Terms](/terms/service-terms#1).\n|\n| You can process personal data for\n|\n| this feature\n|\n| as outlined in the\n| [Cloud Data Processing\n| Addendum](/terms/data-processing-addendum), subject to the obligations and restrictions described in the agreement under\n| which you access Google Cloud.\n|\n| Pre-GA features are available \"as is\" and might have limited support.\n|\n| For more information, see the\n| [launch stage descriptions](/products#product-launch-stages).\n\nThis document describes errors you might encounter when you integrate Active\nDirectory in AlloyDB Omni. Examples of errors and recommended\nfixes are also provided.\n\nActive Directory isn't working\n\n**Description**\n\nActive Directory isn't working in AlloyDB Omni, which is caused\nby incorrect `pg_hba.conf` entries. If the entries that you added to the\n`pg_hba.conf` file aren't valid, AlloyDB for PostgreSQL ignores those entries. As a\nresult, the specified authentication mechanism won't work.\n\n**Recommended fix**\n\nTo view the error message, including information about how to resolve the issue,\nsign into `psql` and run the following command: \n\n docker exec -it alloydb_docs psql -h localhost -U postgres\n psql (16.3)\n Type \"help\" for help.\n postgres=# table pg_hba_file_rules ;\n rule_number | file_name | line_number | type | database | user_name | address | netmask | auth_method | options | error\n -------------+--------------------------------------+-------------+---------+----------+--------------------+-----------+-----------------------------------------+-------------+--------------------------+-----------------------------------------------------\n 1 | /var/lib/postgresql/data/pg_hba.conf | 1 | host | {all} | {alloydbadmin} | 127.0.0.1 | 255.255.255.255 | trust | |\n | /var/lib/postgresql/data/pg_hba.conf | 2 | hostssl | {all} | {alloydbadmin} | ::1 | ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff | trust | | hostssl record cannot match because SSL is disabled\n | /var/lib/postgresql/data/pg_hba.conf | 3 | hostssl | {all} | {alloydbpgbouncer} | 0.0.0.0 | 0.0.0.0 | cert | {clientcert=verify-full} | hostssl record cannot match because SSL is disabled\n | /var/lib/postgresql/data/pg_hba.conf | 4 | hostssl | {all} | {alloydbpgbouncer} | ::1 | ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff | cert | {clientcert=verify-full} | hostssl record cannot match because SSL is disabled\n | /var/lib/postgresql/data/pg_hba.conf | 5 | hostssl | {all} | {alloydbadmin} | all | | reject | | hostssl record cannot match because SSL is disabled\n | /var/lib/postgresql/data/pg_hba.conf | 6 | | | | | | | | invalid CIDR mask in address \"0.0.0.0/1000\"\n 2 | /var/lib/postgresql/data/pg_hba.conf | 7 | local | {all} | {all} | | | trust | |\n\n| **Note:** For more information about this issue, open the `postgres.log` file.\n\npsql: error: connection to server on socket \"/tmp/.s.PGSQL.5432\" failed: FATAL: role \"user2\" does not exist\n\n**Description**\n\nThis error occurs when a system user, who is trying to connect, doesn't have a\nPostgreSQL user created, or doesn't have a role mapped.\n\n**Recommended fix**\n\nCreate a role in PostgreSQL with the required username, or add an entry for this\nuser to the `pg_ident.conf` file. \n\n psql (16.3)\n Type \"help\" for help.\n\n postgres=# CREATE ROLE user2 WITH LOGIN;\n CREATE ROLE\n\nServer restart fails with error: \"could not load /var/lib/postgresql/data/pg_hba.conf\"\"\n\n**Description**\n\nThe server restart failed because the `pg_hba.conf` contains invalid entries.\n\n**Recommended fix**\n\nCheck the `pg_hba.conf` file for invalid entries.\n\nWhat's next\n\n- [Integrate Active Directory with AlloyDB Omni](/alloydb/omni/kubernetes/16.3.0/docs/integrate-active-directory)"]]
