LDAP TLS certificate error

From: Paul Fisher <paul(dot)fisher(at)mail(dot)rit(dot)edu>
To: pgsql-general(at)postgresql(dot)org
Subject: LDAP TLS certificate error
Date: 2009-04-09 02:41:39
Message-ID: grjn94$hf$1@ger.gmane.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

I'm trying to configure Postgres to connect to my university's LDAP
server to authenticate database users. In my pg_hba.conf, I have:

> hostssl all +members 129.21.0.0/16 ldap "ldaps://ldap.rit.edu:636/ou=people,dc=rit,dc=edu;uid="

These are the same connection settings I'm using successfully in Apache.
When I try to connect as an LDAP-authenticated user, I get the
following error in the logs:

> 2009-04-08 22:15:13 EDT LOG: could not start LDAP TLS session: error code -1
> 2009-04-08 22:15:13 EDT FATAL: LDAP authentication failed for user "pkf1214"

I'm not sure why it doesn't want to start TLS. I've got the appropriate
CA certificates listed in my /etc/ldap/ldap.conf:

> TLS_CACERT /etc/ssl/certs/ca-certificates.crt

I'm on Ubuntu, and this file is a concatenated list of all the CA
certificates, including the LDAP server's CA. I've confirmed this
should work under normal circumstances -- if I connect to LDAP in, say,
Python, startTLS works just fine.

Any ideas? Is there a way I can turn on extra debugging to get out a
more detailed error message?

Thanks in advance!
Paul Fisher

Browse pgsql-general by date

  From Date Subject
Next Message Eric Smith 2009-04-09 03:29:26 existence of column name
Previous Message Jeff Brenton 2009-04-09 02:28:54 Re: database corruption