Re: LDAP authentication not working

On Wed, May 14, 2014 at 8:35 AM, Stephan Fabel <sfabel(at)hawaii(dot)edu> wrote:

> I don't think SSL support for LDAP is supported. Have you tried TLS on
> port 389?
>

Correct, and you need to set ldaptls=1 to use that as well.

(And yes, unfortunately the LDAP error messages from openldap are
notoriously bad)

//Magnus

> On May 13, 2014 8:20 PM, "Jürgen Fuchsberger" <
> juergen(dot)fuchsberger(at)uni-graz(dot)at> wrote:
>
>> Hi,
>>
>> I'm running postgresql 9.1 on Debian and am trying to set up LDAP
>> authentication using the following configuration in pg_hba.conf:
>>
>> hostssl testdb all 143.50.203.0/24 ldap ldapserver="
>> wegc24.uni-graz.at"
>> ldapport=636 ldapbinddn="cn=nss,dc=uni-graz,dc=at"
>> ldapbindpasswd="<thepasswd>" ldapbasedn="dc=uni-graz,dc=at"
>>
>>
>> Trying to access testdb via psql fails with the following error in the
>> log:
>> '''could not perform initial LDAP bind for ldapbinddn
>> "cn=nss,dc=uni-graz,dc=at" on server "wegc24.uni-graz.at": error code
>> -1'''
>>
>> Unfortunately I did not find what error code -1 means.
>>
>> Ldapsearch works fine:
>> > ldapsearch -W -H ldaps://wegc24.uni-graz.at:636/ -D
>> "CN=nss,DC=uni-graz,DC=at"
>>
>> Interesting is also, that postgres seems to not even reach the ldap
>> server: If I change parameter ldapserver to a non-existing url it gives
>> the same error code -1.
>>
>> Any help much appreciated!
>>
>> Best,
>> Juergen
>>
>>

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/