From: | Chris Stephens <cstephens16(at)gmail(dot)com> |
---|---|
To: | Thomas Munro <thomas(dot)munro(at)gmail(dot)com> |
Cc: | "pgsql-generallists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
Subject: | Re: troubleshooting postgresql ldap authentication |
Date: | 2020-06-09 12:24:52 |
Message-ID: | CAEFL0syuOqwZj6jFiOERRw8Vk3sbBCMuakCrLYSi8enj0rnwQA@mail.gmail.com |
Lists: | pgsql-general |

yes, shortly after i sent this out to the list, one of our security
administrators suggested ldapscheme. I just tested and ldapurl works as
well.

the security admin explained it like this:

"since we are using port 636 I know that it needs the TLS connection in
place before LDAP commands. starttls does the opposite. allows an LDAP
connection to "upgrade" to TLS. so the previous errors were simply it
unable to connect to server."

i'm guessing information like that doesn't belong in postgresql
documentation but it would have been useful yesterday. :)

thanks for the response! i just recently made the switch to postgresql
after 20 years of mainly Oracle. during that time, the oracle-l mailing
list was invaluable as a learning tool and as a way to get help
when needed. it's great to know there's a similar mailing list in the
postgresql community!

On Mon, Jun 8, 2020 at 7:41 PM Thomas Munro <thomas(dot)munro(at)gmail(dot)com> wrote:
> On Tue, Jun 9, 2020 at 9:05 AM Chris Stephens <cstephens16(at)gmail(dot)com>
> wrote:
> > hostssl all all 0.0.0.0/0 ldap ldapserver="ldaps://xxx" ldapbasedn="yyy" ldaptls=1
>
> > does anyone know what might be causing "LDAP: Bad parameter to an ldap routine"
>
> You probably want ldapurl="ldaps://xxx" (note: ldapurl, not
> ldapserver). Or you could use ldapscheme="ldaps" and
> ldapserver="xxx".
>
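
An added example, not part of the original thread and not PostgreSQL code: a small linter for the two pg_hba.conf mistakes discussed in this message, a URL placed in ldapserver and LDAPS combined with ldaptls=1 (StartTLS). The function names and sample lines are constructed for illustration; the second check follows the security admin's explanation above and is not a statement about what PostgreSQL itself rejects.

```python
import shlex

def parse_ldap_options(line):
    """Return the name=value options of an ldap pg_hba.conf record, else None."""
    tokens = shlex.split(line, comments=True)  # handles "quoted values" and # comments
    # The auth method is field 4, 5 or 6 depending on the record type (local/host/mask form).
    if "ldap" not in tokens[3:6]:
        return None
    start = tokens.index("ldap", 3) + 1
    return dict(tok.split("=", 1) for tok in tokens[start:] if "=" in tok)

def lint_ldap_line(line):
    """Return a list of findings for one pg_hba.conf line (empty list = nothing flagged)."""
    opts = parse_ldap_options(line)
    if opts is None:
        return []
    findings = []
    server = opts.get("ldapserver", "")
    url = opts.get("ldapurl", "")
    if "://" in server:
        findings.append("ldapserver holds a URL; use ldapurl, or ldapscheme plus a bare host name")
    uses_ldaps = (opts.get("ldapscheme") == "ldaps"
                  or url.startswith("ldaps://")
                  or server.startswith("ldaps://"))
    if uses_ldaps and opts.get("ldaptls") == "1":
        findings.append("ldaps (TLS before LDAP, port 636) combined with ldaptls=1 (StartTLS upgrade)")
    return findings

def lint_hba(text):
    """Lint a whole pg_hba.conf body; returns (line number, finding) pairs."""
    return [(n, f) for n, line in enumerate(text.splitlines(), 1)
            for f in lint_ldap_line(line)]

# Constructed sample using the placeholders from the thread (xxx = server, yyy = base DN).
SAMPLE_HBA = '''\
# line 2 is the failing record quoted in the thread; 3 and 4 are the two suggested forms
hostssl all all 0.0.0.0/0 ldap ldapserver="ldaps://xxx" ldapbasedn="yyy" ldaptls=1
hostssl all all 0.0.0.0/0 ldap ldapscheme="ldaps" ldapserver="xxx" ldapbasedn="yyy"
hostssl all all 0.0.0.0/0 ldap ldapurl="ldaps://xxx/yyy"
host    all all 127.0.0.1/32 scram-sha-256
'''

if __name__ == "__main__":
    for lineno, finding in lint_hba(SAMPLE_HBA):
        print(f"pg_hba.conf:{lineno}: {finding}")
```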