Re: [HACKERS] 8.2 - 8.4 Upgrade: No More ldaps://?

2014-02-17 Thread Tom Lane
Jim Seymour jseym...@linxnet.com writes:
> Tried to upgrade from 8.2.21 to 8.4.19 this morning and ran into a
> wall: It would appear the
> hostssl all all  0.0.0.0/0  ldap ldaps://...
> syntax is no longer supported?

The 8.4 release notes say that there were incompatible changes in the
format of pg_hba.conf entries for LDAP authentication, and this is one:
you're supposed to use the ldaptls option now.

AFAICS from the relevant commit (7356381ef), there is no change in
functionality between what we did for ldaps: and what we do now
for ldaptls.

regards, tom lane


-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers


Re: [HACKERS] 8.2 - 8.4 Upgrade: No More ldaps://?

2014-02-17 Thread Jim Seymour
On Mon, 17 Feb 2014 14:18:40 -0500
Tom Lane t...@sss.pgh.pa.us wrote:

> Jim Seymour jseym...@linxnet.com writes:
> > Tried to upgrade from 8.2.21 to 8.4.19 this morning and ran into a
> > wall: It would appear the
> > hostssl all all  0.0.0.0/0  ldap ldaps://...
> > syntax is no longer supported?
>
> The 8.4 release notes say that there were incompatible changes in the
> format of pg_hba.conf entries for LDAP authentication, and this is
> one: you're supposed to use the ldaptls option now.

Yes, I saw that, but when I tried

ldap ldapserver=... ldapport=636 ldaptls=1

it failed.

 
> AFAICS from the relevant commit (7356381ef), there is no change in
> functionality between what we did for ldaps: and what we do now
> for ldaptls.

That very well could be.  I always *assumed* that ldaps:// meant it
was doing SSL on port 636.  After all: That's what SMTPS means, for
example.  But I got to thinking, and looking at my OpenLDAP config and
thought "Hmmm... I wonder...?" and removed ldapport=636 from my
pg_hba.conf and, lo and behold, it worked!

Thanks for the follow-up, Tom.

Regards,
Jim
-- 
Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at http://jimsun.LinxNet.com/contact/scform.php.
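
A check for the two pitfalls in this thread, as an added example that is not part of either message or of PostgreSQL: it scans pg_hba.conf text for 8.2-style ldaps:// URLs and for ldaptls=1 combined with ldapport=636 (the combination reported above as failing), and also flags ldap records without ldaptls=1. The sample records, host name and finding codes are constructed; it assumes ldaptls=1 means StartTLS on the ordinary LDAP port, as the PostgreSQL documentation describes.

```python
import shlex

LDAPS_PORT = "636"  # conventional implicit-TLS LDAP port (assumed default)

ADVICE = {  # finding codes are names made up for this example
    "legacy-url": "8.2-style URL; 8.4+ expects ldapserver=/ldapport=/ldaptls= options",
    "ldaptls-on-636": "ldaptls=1 negotiates StartTLS; drop ldapport=636 so the plain LDAP port is used",
    "no-tls": "no ldaptls=1: the bind to the LDAP server is not encrypted",
}

def check_ldap_hba(text):
    """Return (line_no, code) findings for ldap records in pg_hba.conf text."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        tokens = shlex.split(raw, comments=True)  # drops '#' comments, honours quotes
        # The auth method follows type, database, user and an optional address/mask.
        if len(tokens) < 4 or "ldap" not in tokens[3:]:
            continue
        raw_opts = tokens[tokens.index("ldap", 3) + 1:]
        if any(o.startswith(("ldap://", "ldaps://")) for o in raw_opts):
            findings.append((no, "legacy-url"))
            continue
        opts = dict(o.split("=", 1) for o in raw_opts if "=" in o)
        tls = opts.get("ldaptls") == "1"
        if tls and opts.get("ldapport") == LDAPS_PORT:
            findings.append((no, "ldaptls-on-636"))
        elif not tls:
            findings.append((no, "no-tls"))
    return findings

# Constructed sample records; ldap.example.net is a placeholder host.
SAMPLE = """\
# constructed sample, not from the thread
hostssl all all 0.0.0.0/0 ldap "ldaps://ldap.example.net/dc=example,dc=net;uid=;,ou=people"
hostssl all all 0.0.0.0/0 ldap ldapserver=ldap.example.net ldapport=636 ldaptls=1
hostssl all all 0.0.0.0/0 ldap ldapserver=ldap.example.net ldaptls=1
hostssl all all 0.0.0.0/0 ldap ldapserver=ldap.example.net
hostssl all all 0.0.0.0/0 md5
"""

if __name__ == "__main__":
    for line_no, code in check_ldap_hba(SAMPLE):
        print(f"line {line_no}: {code}: {ADVICE[code]}")
```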

