On Wed, May 14, 2014 at 8:35 AM, Stephan Fabel <sfa...@hawaii.edu> wrote:
> I don't think SSL support for LDAP is supported. Have you tried TLS on
> port 389?
>

Correct, and you need to set ldaptls=1 to use that as well.

(And yes, unfortunately the LDAP error messages from openldap are notoriously bad)

//Magnus

> On May 13, 2014 8:20 PM, "Jürgen Fuchsberger" <
> juergen.fuchsber...@uni-graz.at> wrote:
>
>> Hi,
>>
>> I'm running postgresql 9.1 on Debian and am trying to set up LDAP
>> authentication using the following configuration in pg_hba.conf:
>>
>> hostssl testdb all 143.50.203.0/24 ldap ldapserver="wegc24.uni-graz.at"
>> ldapport=636 ldapbinddn="cn=nss,dc=uni-graz,dc=at"
>> ldapbindpasswd="<thepasswd>" ldapbasedn="dc=uni-graz,dc=at"
>>
>>
>> Trying to access testdb via psql fails with the following error in the
>> log:
>> '''could not perform initial LDAP bind for ldapbinddn
>> "cn=nss,dc=uni-graz,dc=at" on server "wegc24.uni-graz.at": error code
>> -1'''
>>
>> Unfortunately I did not find what error code -1 means.
>>
>> Ldapsearch works fine:
>> > ldapsearch -W -H ldaps://wegc24.uni-graz.at:636/ -D
>> "CN=nss,DC=uni-graz,DC=at"
>>
>> Interesting is also, that postgres seems to not even reach the ldap
>> server: If I change parameter ldapserver to a non-existing url it gives
>> the same error code -1.
>>
>> Any help much appreciated!
>>
>> Best,
>> Juergen
>>
>>

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
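A small pg_hba.conf check for the situation in this thread, as an added example that is not part of any of the e-mails or of PostgreSQL itself: it flags `ldap` entries that point at the LDAPS port 636 or that omit `ldaptls=1`, the two things the replies call out. The function names, the finding codes and the second sample line (the entry rewritten as the replies suggest) are assumptions made for illustration.

```python
import shlex

# Constructed sample: the pg_hba.conf entry from the question (joined onto one
# line) and a variant following the replies (TLS on port 389 with ldaptls=1).
SAMPLE_HBA = '''
# TYPE  DATABASE  USER  ADDRESS  METHOD  OPTIONS
hostssl testdb all 143.50.203.0/24 ldap ldapserver="wegc24.uni-graz.at" ldapport=636 ldapbinddn="cn=nss,dc=uni-graz,dc=at" ldapbindpasswd="<thepasswd>" ldapbasedn="dc=uni-graz,dc=at"
hostssl testdb all 143.50.203.0/24 ldap ldapserver="wegc24.uni-graz.at" ldapport=389 ldaptls=1 ldapbinddn="cn=nss,dc=uni-graz,dc=at" ldapbindpasswd="<thepasswd>" ldapbasedn="dc=uni-graz,dc=at"
'''

def parse_record(line):
    """Return (auth_method, options) for one pg_hba.conf line, or None."""
    tokens = shlex.split(line, comments=True)  # handles "quoted" values and '#'
    if not tokens:
        return None
    # Auth options are the trailing name=value tokens; the field just before
    # them is the method, whichever record type (local/host/hostssl) is used.
    i = len(tokens)
    while i > 0 and "=" in tokens[i - 1]:
        i -= 1
    if i == 0:
        return None
    options = dict(t.split("=", 1) for t in tokens[i:])
    return tokens[i - 1], options

def check_ldap_lines(text):
    """Return [(line_number, finding_code)] for risky ldap entries."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        rec = parse_record(line)
        if rec is None or rec[0] != "ldap":
            continue
        opts = rec[1]
        # Port 636 expects LDAPS, which the replies say is not supported here.
        if opts.get("ldapport", "389") == "636":
            findings.append((lineno, "LDAPS_PORT"))
        # Without ldaptls=1 the server-to-LDAP bind is not TLS-protected;
        # hostssl only covers the client-to-PostgreSQL connection.
        if opts.get("ldaptls", "0") != "1":
            findings.append((lineno, "NO_LDAPTLS"))
    return findings

if __name__ == "__main__":
    for lineno, code in check_ldap_lines(SAMPLE_HBA):
        print(f"line {lineno}: {code}")
```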