I am trying to get PostgreSQL to authenticate over LDAPS on another server; the PostgreSQL server is Debian 6.0.2 (Squeeze), x64, fully updated as of today:
Package: postgresql
Version: 8.4.8-0squeeze2
Package: gnutls-bin
Version: 2.8.6-1
Followed much of the info from here for my PostgreSQL setup:
http://www.stuartellis.eu/articles/postgresql-setup/
I can get LDAP authentication working, but not LDAPS (/etc/postgresql/8.4/main/pg_hba.conf):
Code:
## This works but isn't encrypted:
local all all ldap ldapserver=auth.mydomain.net ldapport=389 ldaptls=0 ldapprefix="uid=" ldapsuffix=",ou=People,dc=mydomain,dc=net"
## Hoping to get this working:
# local all all ldap ldapserver=auth.mydomain.net ldapport=636 ldaptls=1 ldapprefix="uid=" ldapsuffix=",ou=People,dc=mydomain,dc=net"
The error when I try with LDAPS is:
Code:
2011-09-30 14:05:33 CDT LOG: could not start LDAP TLS session: error code -1
2011-09-30 14:05:33 CDT FATAL: LDAP authentication failed for user "username"
I can connect to that Auth server on port 636:
Code:
root@pgsql:~# telnet auth.mydomain.net 636
Trying 67.139.30.51...
Connected to auth.mydomain.net.
Escape character is '^]'.
^]
telnet> quit
Connection closed.
root@pgsql:~#
That server is authenticating over LDAPS port 636 for normal uses, but I cannot get PostgreSQL itself to do so. Can anyone assist please?
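
Added example, not part of the original post: a small check run over the two pg_hba.conf lines quoted above. It relies on the documented PostgreSQL behaviour that ldaptls=1 requests StartTLS on an ordinary LDAP connection, whereas port 636 is conventionally an implicit-TLS (LDAPS) listener. The function names and the 389 default port are assumptions of this example.

```python
import shlex

# Constructed sample: the two pg_hba.conf lines from the post above.
SAMPLE = '''
local all all ldap ldapserver=auth.mydomain.net ldapport=389 ldaptls=0 ldapprefix="uid=" ldapsuffix=",ou=People,dc=mydomain,dc=net"
local all all ldap ldapserver=auth.mydomain.net ldapport=636 ldaptls=1 ldapprefix="uid=" ldapsuffix=",ou=People,dc=mydomain,dc=net"
'''

def ldap_options(line):
    """Return the name=value options of an 'ldap' pg_hba.conf line, or None."""
    tokens = shlex.split(line, comments=True)  # handles quoted values and '#' comments
    # Assumption: the first bare "ldap" token is the auth method field.
    if "ldap" not in tokens:
        return None
    opts = tokens[tokens.index("ldap") + 1:]
    return dict(t.split("=", 1) for t in opts if "=" in t)

def check(line):
    """Return a list of findings for one pg_hba.conf line."""
    opts = ldap_options(line)
    if opts is None:
        return []
    port = int(opts.get("ldapport", "389"))  # assumed library default port
    starttls = opts.get("ldaptls", "0") == "1"
    findings = []
    if not starttls:
        findings.append("cleartext: bind DN and password cross the network unencrypted")
    elif port == 636:
        findings.append("mismatch: ldaptls=1 sends StartTLS, "
                        "but 636 is conventionally an implicit-TLS listener")
    return findings

def audit(text):
    """Map 1-based line numbers to findings for every flagged line."""
    return {n: f for n, line in enumerate(text.splitlines(), 1) if (f := check(line))}

if __name__ == "__main__":
    for lineno, findings in audit(SAMPLE).items():
        for finding in findings:
            print(f"line {lineno}: {finding}")
```

A line that passes this check is ldaptls=1 with ldapport=389, which only works if the directory server offers StartTLS on that port; the page does not say whether it does.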