8.2 -> 8.4 Upgrade: No More "ldaps://"?

Started by Jim Seymour, almost 12 years ago, 3 messages
#1 Jim Seymour
jseymour@LinxNet.com

Hi There,

Tried to upgrade from 8.2.21 to 8.4.19 this morning and ran into a
wall: It would appear the

hostssl all all 0.0.0.0/0 ldap "ldaps://..."

syntax is no longer supported?

Searched. Asked on the IRC channel. It would seem that in 8.4.x
there's no way to perform a "straight SSL" (not TLS) connect to an LDAP
server anymore?

Thanks,
Jim
--
Note: My mail server employs *very* aggressive anti-spam
filtering. If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

#2 Tom Lane
tgl@sss.pgh.pa.us
In reply to: Jim Seymour (#1)
Re: 8.2 -> 8.4 Upgrade: No More "ldaps://"?

Jim Seymour <jseymour@LinxNet.com> writes:

> Tried to upgrade from 8.2.21 to 8.4.19 this morning and ran into a
> wall: It would appear the
> hostssl all all 0.0.0.0/0 ldap "ldaps://..."
> syntax is no longer supported?

The 8.4 release notes say that there were incompatible changes in the
format of pg_hba.conf entries for LDAP authentication, and this is one:
you're supposed to use the ldaptls option now.

AFAICS from the relevant commit (7356381ef), there is no change in
functionality between what we did for "ldaps:" and what we do now
for "ldaptls".

regards, tom lane


#3 Jim Seymour
jseymour@LinxNet.com
In reply to: Tom Lane (#2)
Re: 8.2 -> 8.4 Upgrade: No More "ldaps://"?

On Mon, 17 Feb 2014 14:18:40 -0500
Tom Lane <tgl@sss.pgh.pa.us> wrote:

> Jim Seymour <jseymour@LinxNet.com> writes:
>
>> Tried to upgrade from 8.2.21 to 8.4.19 this morning and ran into a
>> wall: It would appear the
>> hostssl all all 0.0.0.0/0 ldap "ldaps://..."
>> syntax is no longer supported?
>
> The 8.4 release notes say that there were incompatible changes in the
> format of pg_hba.conf entries for LDAP authentication, and this is
> one: you're supposed to use the ldaptls option now.

Yes, I saw that, but when I tried

ldap ldapserver=... ldapport=636 ldaptls=1

it failed.

> AFAICS from the relevant commit (7356381ef), there is no change in
> functionality between what we did for "ldaps:" and what we do now
> for "ldaptls".

That very well could be. I always *assumed* that "ldaps://" meant it
was doing SSL on port 636. After all: That's what SMTPS means, for
example. But I got to thinking, and looking at my OpenLDAP config and
thought "Hmmm... I wonder...?" and removed "ldapport=636" from my
pg_hba.conf and, lo and behold, it worked!

Thanks for the follow-up, Tom.

Regards,
Jim
--
Note: My mail server employs *very* aggressive anti-spam
filtering. If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.
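
An added example, not part of the thread or of PostgreSQL: a small Python check for the two pg_hba.conf patterns discussed above, the 8.2-style "ldaps://" URL that 8.4 rejects and ldaptls=1 combined with ldapport=636 (ldaptls requests StartTLS on a plain LDAP connection, so it normally belongs on the default port). The sample file, host names, DNs and finding labels are constructed for illustration, and the field parsing is a simplification of the real pg_hba.conf grammar.

```python
import shlex

# Constructed sample pg_hba.conf; host names and DNs are placeholders.
SAMPLE_HBA = '''\
# 8.2-style URL form
hostssl all all 0.0.0.0/0 ldap "ldaps://ldap.example.net/dc=example,dc=net;cn=;,dc=example,dc=net"
# 8.4 option form with the LDAPS port forced
hostssl all all 0.0.0.0/0 ldap ldapserver=ldap.example.net ldapport=636 ldaptls=1
# 8.4 option form, default port
hostssl all all 0.0.0.0/0 ldap ldapserver=ldap.example.net ldaptls=1
host all all 127.0.0.1 255.255.255.255 md5
local all all ident
'''


def method_and_options(tokens):
    """Return (auth method, option tokens) for one record, or None if too short."""
    if tokens[0] == "local":
        idx = 3                                # local db user method ...
    else:
        idx = 4 if "/" in tokens[3] else 5     # CIDR address vs. address + mask
    if len(tokens) <= idx:
        return None
    return tokens[idx], tokens[idx + 1:]


def audit_hba(text):
    """Return (line number, finding label) pairs for LDAP records worth a look."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = shlex.split(raw, comments=True)   # honours "..." and # comments
        if len(tokens) < 4:
            continue
        parsed = method_and_options(tokens)
        if parsed is None or parsed[0] != "ldap":
            continue
        opts = parsed[1]
        # 8.2 URL syntax: has to be rewritten as name=value options for 8.4.
        if any(o.lower().startswith(("ldap://", "ldaps://")) for o in opts):
            findings.append((lineno, "legacy-url"))
            continue
        kv = dict(o.split("=", 1) for o in opts if "=" in o)
        # StartTLS requested on the port conventionally used for LDAP-over-SSL.
        if kv.get("ldaptls") == "1" and kv.get("ldapport") == "636":
            findings.append((lineno, "starttls-on-636"))
    return findings


if __name__ == "__main__":
    for lineno, label in audit_hba(SAMPLE_HBA):
        print(f"line {lineno}: {label}")
```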
