[HACKERS] 8.2 - 8.4 Upgrade: No More ldaps://?
Hi There,

Tried to upgrade from 8.2.21 to 8.4.19 this morning and ran into a wall: It would appear the

    hostssl all all 0.0.0.0/0 ldap ldaps://...

syntax is no longer supported?

Searched. Asked on the IRC channel. It would seem that in 8.4.x there's no way to perform a straight SSL (not TLS) connect to an LDAP server anymore?

Thanks,
Jim
--
Note: My mail server employs *very* aggressive anti-spam filtering. If you reply to this email and your email is rejected, please accept my apologies and let me know via my web form at http://jimsun.LinxNet.com/contact/scform.php.

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Re: [HACKERS] 8.2 - 8.4 Upgrade: No More ldaps://?
Jim Seymour jseym...@linxnet.com writes:
> Tried to upgrade from 8.2.21 to 8.4.19 this morning and ran into a
> wall: It would appear the
>     hostssl all all 0.0.0.0/0 ldap ldaps://...
> syntax is no longer supported?

The 8.4 release notes say that there were incompatible changes in the format of pg_hba.conf entries for LDAP authentication, and this is one: you're supposed to use the ldaptls option now.

AFAICS from the relevant commit (7356381ef), there is no change in functionality between what we did for ldaps: and what we do now for ldaptls.

regards, tom lane

Re: [HACKERS] 8.2 - 8.4 Upgrade: No More ldaps://?
On Mon, 17 Feb 2014 14:18:40 -0500 Tom Lane t...@sss.pgh.pa.us wrote:
> Jim Seymour jseym...@linxnet.com writes:
> > Tried to upgrade from 8.2.21 to 8.4.19 this morning and ran into a
> > wall: It would appear the
> >     hostssl all all 0.0.0.0/0 ldap ldaps://...
> > syntax is no longer supported?
>
> The 8.4 release notes say that there were incompatible changes in the
> format of pg_hba.conf entries for LDAP authentication, and this is one:
> you're supposed to use the ldaptls option now.

Yes, I saw that, but when I tried

    ldap ldapserver=... ldapport=636 ldaptls=1

it failed.

> AFAICS from the relevant commit (7356381ef), there is no change in
> functionality between what we did for ldaps: and what we do now for
> ldaptls.

That very well could be. I always *assumed* that ldaps:// meant it was doing SSL on port 636. After all: That's what SMTPS means, for example. But I got to thinking, and looking at my OpenLDAP config and thought Hmmm... I wonder...? and removed ldapport=636 from my pg_hba.conf and, lo and behold, it worked!

Thanks for the follow-up, Tom.

Regards,
Jim
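
The following is an added example, not part of the original thread or of PostgreSQL's code: a small linter for the pg_hba.conf pitfalls discussed above. It flags 8.2-style `ldap://`/`ldaps://` URL entries and the `ldaptls=1` plus `ldapport=636` combination that failed in the thread (`ldaptls=1` upgrades the connection with StartTLS, while 636 is conventionally TLS-on-connect). It goes slightly beyond the thread by also flagging `ldap` entries with no `ldaptls=1`; hostnames, DNs and finding names are constructed, and addresses are assumed to be CIDR or IP plus netmask.

```python
import shlex

# Constructed sample pg_hba.conf lines (hostnames and DNs are placeholders).
SAMPLE = '''\
# 8.2-style URL entry, then 8.4-style option entries
hostssl all all 0.0.0.0/0 ldap "ldaps://ldap.example.net/dc=example,dc=net;uid=;,ou=people"
hostssl all all 0.0.0.0/0 ldap ldapserver=ldap.example.net ldapport=636 ldaptls=1 ldapprefix="uid="
hostssl all all 0.0.0.0/0 ldap ldapserver=ldap.example.net ldaptls=1 ldapprefix="uid="
hostssl all all 10.0.0.0 255.0.0.0 ldap ldapserver=ldap.example.net ldapprefix="uid="
local   all all md5
'''

def lint_line(line):
    """Return a list of finding codes (hypothetical names) for one line."""
    tok = shlex.split(line, comments=True)  # drops '#' comments, unquotes values
    if not tok:
        return []
    # Locate the method field: 'local' has no address column; host* entries
    # carry either one CIDR field or an IP address followed by a netmask.
    if tok[0] == "local":
        idx = 3
    else:
        idx = 4 if len(tok) > 3 and "/" in tok[3] else 5
    if len(tok) <= idx or tok[idx] != "ldap":
        return []
    args = tok[idx + 1:]
    # 8.2 URL syntax: must be rewritten as ldapserver=/ldaptls= options in 8.4.
    if any(a.startswith(("ldap://", "ldaps://")) for a in args):
        return ["LEGACY_URL"]
    opts = dict(a.split("=", 1) for a in args if "=" in a)
    findings = []
    # StartTLS aimed at the LDAPS port: the combination that failed in the thread.
    if opts.get("ldaptls") == "1" and opts.get("ldapport") == "636":
        findings.append("STARTTLS_ON_636")
    # No ldaptls=1: the bind to the LDAP server is not encrypted.
    if opts.get("ldaptls") != "1":
        findings.append("NO_TLS")
    return findings

def lint(text):
    """Map 1-based line numbers to findings for every flagged line."""
    results = {}
    for n, line in enumerate(text.splitlines(), 1):
        found = lint_line(line)
        if found:
            results[n] = found
    return results

if __name__ == "__main__":
    for n, found in lint(SAMPLE).items():
        print(f"line {n}: {', '.join(found)}")
```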