From: | Paul Fisher <paul(dot)fisher(at)mail(dot)rit(dot)edu> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Subject: | LDAP TLS certificate error |
Date: | 2009-04-09 02:41:39 |
Message-ID: | grjn94$hf$1@ger.gmane.org |
Lists: | pgsql-general |

I'm trying to configure Postgres to connect to my university's LDAP
server to authenticate database users. In my pg_hba.conf, I have:

> hostssl all +members 129.21.0.0/16 ldap "ldaps://ldap.rit.edu:636/ou=people,dc=rit,dc=edu;uid="

These are the same connection settings I'm using successfully in Apache.

When I try to connect as an LDAP-authenticated user, I get the
following error in the logs:

> 2009-04-08 22:15:13 EDT LOG: could not start LDAP TLS session: error code -1
>
> 2009-04-08 22:15:13 EDT FATAL: LDAP authentication failed for user "pkf1214"

I'm not sure why it doesn't want to start TLS. I've got the appropriate
CA certificates listed in my /etc/ldap/ldap.conf:

> TLS_CACERT /etc/ssl/certs/ca-certificates.crt

I'm on Ubuntu, and this file is a concatenated list of all the CA
certificates, including the LDAP server's CA. I've confirmed this
should work under normal circumstances -- if I connect to LDAP in, say,
Python, startTLS works just fine.

Any ideas? Is there a way I can turn on extra debugging to get out a
more detailed error message?

Thanks in advance!

Paul Fisher