Re: [Non-DoD Source] Re: [ADMIN] Postgres user authentication withsecure LDAP

https://www.postgresql.org/docs/9.5/static/auth-methods.html#AUTH-LDAP

"The ldaps URL scheme (direct SSL connection) is not supported."

It doesn't appear "LDAPS" is supported in Postgres 9.5.

________________________________________
From: pgsql-admin-owner@postgresql.org [pgsql-admin-owner@postgresql.org] on behalf of Tang, Ronald K CIV FNMOC, N6
[ronald.k.tang@navy.mil]
Sent: Friday, August 11, 2017 9:00 AM
To: 'Peter Eisentraut'; 'pgsql-admin@postgresql.org'
Subject: Re: [Non-DoD Source] Re: [ADMIN] Postgres user authentication with secure LDAP

I am responding to all replies in this single email. Thanks for all your response.

>> The ldapserver= attribute takes a host name, not a URL.
Thanks. I tried that too. If I omit the ldaps://  the response is server not found.

>> What OS is your server running, and what OS is your client running?
RedHat Linux (RHEL 6), both client and server. Postgres 9.5.6

 >> Well, first off, you're on the wrong port for LDAPS://
Default port for LDAPS:// is 636. I verified with "ldapsearch" tool  that it works with that port.

Thanks,
Ron

-----Original Message-----
From: Peter Eisentraut [mailto:peter.eisentraut@2ndquadrant.com]
Sent: Thursday, August 10, 2017 8:05 PM
To: Tang, Ronald K CIV FNMOC, N6; pgsql-admin@postgresql.org
Subject: [Non-DoD Source] Re: [ADMIN] Postgres user authentication with secure LDAP

On 8/10/17 17:02, Tang, Ronald K CIV FNMOC, N6 wrote:
> I am trying to configure my Postgres server to use LDAP for authentication. My pg_hba.conf config line is:
>
> ldap ldapserver=ldaps://myldaps.company.com ldapport=636 ldaptls=1  ldapprefix="uid="
ldapsuffix=",ou=People,o=my.company.com"

The ldapserver= attribute takes a host name, not a URL.

--
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services