LinuxQuestions.org
Old 10-04-2011, 10:56 AM   #1
lefty.crupps
PostgreSQL auth over LDAPS: "could not start LDAP TLS session: error code -1"


I am trying to get PostgreSQL to authenticate over LDAPS on another server; the PostgreSQL server is Debian 6.0.2 (Squeeze), x64, fully updated as of today:

Package: postgresql
Version: 8.4.8-0squeeze2

Package: gnutls-bin
Version: 2.8.6-1

Followed much of the info from here for my PostgreSQL setup:
http://www.stuartellis.eu/articles/postgresql-setup/

I can get LDAP authentication working, but not LDAPS (/etc/postgresql/8.4/main/pg_hba.conf)
Code:
## This works but isn't encrypted:
local   all         all                               ldap ldapserver=auth.mydomain.net ldapport=389 ldaptls=0 ldapprefix="uid=" ldapsuffix=",ou=People,dc=mydomain,dc=net"

## Hoping to get this working:
# local   all         all                               ldap ldapserver=auth.mydomain.net ldapport=636 ldaptls=1 ldapprefix="uid=" ldapsuffix=",ou=People,dc=mydomain,dc=net"

The error when I try with LDAPS is:
Code:
2011-09-30 14:05:33 CDT LOG:  could not start LDAP TLS session: error code -1
2011-09-30 14:05:33 CDT FATAL:  LDAP authentication failed for user "username"

I can connect to that Auth server on port 636:
Code:
root@pgsql:~# telnet auth.mydomain.net 636
Trying 67.139.30.51...
Connected to auth.mydomain.net.
Escape character is '^]'.
^]
telnet> quit
Connection closed.
root@pgsql:~#

That server is authenticating over LDAPS port 636 for normal uses, but I cannot get PostgreSQL itself to do so. Can anyone assist please?

Last edited by lefty.crupps; 10-04-2011 at 11:04 AM.
 
Old 10-05-2011, 04:13 AM   #2
acid_kewpie
Are you dealing with ldaps or ldap w/ tls? Using a tls session, with starttls, this will use port 389 and convert to an encrypted session, unlike an ssl session on 636 where it's ssl from the very very start.
 
Old 10-06-2011, 02:44 PM   #3
lefty.crupps
I'd like to deal with LDAPS on port 636 using SSL.
 
Old 10-07-2011, 04:22 AM   #4
acid_kewpie
Right, so don't try to use tls then. From a minute on Google it looks like you would want to use an ldaps:// style url instead: http://wiki.postgresql.org/wiki/LDAP...ion_against_AD
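
The mismatch discussed in this thread (StartTLS belongs on port 389, while port 636 expects SSL from the very start), as an added example that is not part of the original posts: a small Python check that flags pg_hba.conf ldap rules combining ldaptls=1 with port 636. The function names, verdict labels and sample lines are constructed for illustration, and it assumes that ldaptls=1 requests StartTLS and that 636 is the directory's SSL-only port.

```python
import shlex

# Constructed sample: the two rules from the first post plus a StartTLS-on-389
# variant; the last line is a comment and must be skipped.
SAMPLE_HBA = """\
local all all ldap ldapserver=auth.mydomain.net ldapport=389 ldaptls=0 ldapprefix="uid=" ldapsuffix=",ou=People,dc=mydomain,dc=net"
local all all ldap ldapserver=auth.mydomain.net ldapport=636 ldaptls=1 ldapprefix="uid=" ldapsuffix=",ou=People,dc=mydomain,dc=net"
local all all ldap ldapserver=auth.mydomain.net ldapport=389 ldaptls=1 ldapprefix="uid=" ldapsuffix=",ou=People,dc=mydomain,dc=net"
# local all all ident
"""

LDAPS_PORT = 636  # assumption: the directory speaks SSL from the first byte here


def ldap_options(line):
    """Return the name=value options of an ldap rule, or None for other lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = shlex.split(line)  # honours double-quoted values such as "uid="
    # The auth method follows type, database and user (and an address on host lines).
    if "ldap" not in fields[3:]:
        return None
    start = fields.index("ldap", 3) + 1
    return dict(f.split("=", 1) for f in fields[start:] if "=" in f)


def verdict(opts):
    """Classify what the client will send to the LDAP server for one rule."""
    port = int(opts.get("ldapport", 389))
    starttls = opts.get("ldaptls", "0") == "1"
    if starttls and port == LDAPS_PORT:
        return "starttls-on-ldaps-port"  # StartTLS request sent to an SSL-only listener
    return "starttls" if starttls else "cleartext"


def audit(text):
    """Return (line number, verdict) for every ldap rule in pg_hba.conf text."""
    results = []
    for number, line in enumerate(text.splitlines(), start=1):
        opts = ldap_options(line)
        if opts is not None:
            results.append((number, verdict(opts)))
    return results


if __name__ == "__main__":
    for number, result in audit(SAMPLE_HBA):
        print(f"line {number}: {result}")
```

A "cleartext" verdict means bind passwords cross the network unencrypted; "starttls-on-ldaps-port" is the combination that produced the error in the first post.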
 
  



Tags
debian, ldap, ldaps, postgresql, squeeze


All times are GMT -5. The time now is 05:13 AM.
