Re: [Non-DoD Source] Re: Postgres user authentication with secure LDAP

From: "Tang, Ronald K CIV FNMOC, N6" <ronald(dot)k(dot)tang(at)navy(dot)mil>
To: "'pgsql-admin(at)postgresql(dot)org'" <pgsql-admin(at)postgresql(dot)org>
Subject: Re: [Non-DoD Source] Re: Postgres user authentication with secure LDAP
Date: 2017-08-11 18:07:54
Message-ID: DBF3E054DB2B404ABFD101589632D6521E02E22E@NAWEMUGUXM02V.nadsuswe.nads.navy.mil
Lists: pgsql-admin

https://www.postgresql.org/docs/9.5/static/auth-methods.html#AUTH-LDAP

"The ldaps URL scheme (direct SSL connection) is not supported."

It doesn't appear "LDAPS" is supported in Postgres 9.5.

________________________________________
From: pgsql-admin-owner(at)postgresql(dot)org [pgsql-admin-owner(at)postgresql(dot)org] on behalf of Tang, Ronald K CIV FNMOC, N6 [ronald(dot)k(dot)tang(at)navy(dot)mil]
Sent: Friday, August 11, 2017 9:00 AM
To: 'Peter Eisentraut'; 'pgsql-admin(at)postgresql(dot)org'
Subject: Re: [Non-DoD Source] Re: [ADMIN] Postgres user authentication with secure LDAP

I am responding to all replies in this single email. Thanks for all your responses.

>> The ldapserver= attribute takes a host name, not a URL.
Thanks. I tried that too. If I omit the ldaps:// the response is server not found.

>> What OS is your server running, and what OS is your client running?
RedHat Linux (RHEL 6), both client and server. Postgres 9.5.6

>> Well, first off, you're on the wrong port for LDAPS://
Default port for LDAPS:// is 636. I verified with "ldapsearch" tool that it works with that port.

Thanks,
Ron

-----Original Message-----
From: Peter Eisentraut [mailto:peter(dot)eisentraut(at)2ndquadrant(dot)com]
Sent: Thursday, August 10, 2017 8:05 PM
To: Tang, Ronald K CIV FNMOC, N6; pgsql-admin(at)postgresql(dot)org
Subject: [Non-DoD Source] Re: [ADMIN] Postgres user authentication with secure LDAP

On 8/10/17 17:02, Tang, Ronald K CIV FNMOC, N6 wrote:
> I am trying to configure my Postgres server to use LDAP for authentication. My pg_hba.conf config line is:
>
> ldap ldapserver=ldaps://myldaps.company.com ldapport=636 ldaptls=1 ldapprefix="uid=" ldapsuffix=",ou=People,o=my.company.com"

The ldapserver= attribute takes a host name, not a URL.

--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
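
A lint check for the two points settled in this thread (`ldapserver` takes a host name, and 9.5 has no direct-SSL `ldaps` mode), added here as an example; it is not part of the original messages or of PostgreSQL. The function name, the `host all all 10.0.0.0/8` prefix, and the corrected line (which assumes the directory offers StartTLS on port 389) are assumptions.

```python
import shlex

def lint_ldap_hba_line(line):
    """Return findings for one pg_hba.conf line that uses the ldap method."""
    tokens = shlex.split(line, comments=True)  # handles "quoted" values and '#'
    # The auth method is the token just before the first name=value option.
    first_opt = next((i for i, t in enumerate(tokens) if "=" in t), len(tokens))
    if first_opt == 0 or tokens[first_opt - 1] != "ldap":
        return []
    # Split each option on its first '=' only (ldapprefix values contain '=').
    opts = dict(t.partition("=")[::2] for t in tokens[first_opt:])
    findings = []
    if "://" in opts.get("ldapserver", ""):
        findings.append("ldapserver takes a host name, not a URL")
    if opts.get("ldapurl", "").lower().startswith("ldaps://"):
        findings.append("ldapurl: the ldaps scheme is not supported in 9.5")
    if opts.get("ldapport") == "636":
        findings.append("ldapport=636 is the LDAPS port; 9.5 only does "
                        "StartTLS (ldaptls=1), not direct SSL")
    if opts.get("ldaptls") != "1":
        findings.append("ldaptls=1 not set: the bind to the LDAP server "
                        "is unencrypted")
    return findings

# Constructed sample: options from the post, with an assumed host/db/user prefix.
AS_POSTED = ('host all all 10.0.0.0/8 ldap ldapserver=ldaps://myldaps.company.com '
             'ldapport=636 ldaptls=1 ldapprefix="uid=" '
             'ldapsuffix=",ou=People,o=my.company.com"')
# Constructed correction: bare host name, StartTLS on the plain LDAP port.
CORRECTED = ('host all all 10.0.0.0/8 ldap ldapserver=myldaps.company.com '
             'ldapport=389 ldaptls=1 ldapprefix="uid=" '
             'ldapsuffix=",ou=People,o=my.company.com"')

if __name__ == "__main__":
    for name, line in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        print(name, "->", lint_ldap_hba_line(line) or "no findings")
```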
