How do I set up PostgreSQL 9.1 on Ubuntu Server 12.04 to use LDAP authentication over SSL against a Windows AD server?
Client SSL is set up and works in PostgreSQL.
LDAP without SSL works.
In pg_hba.conf I have this:
hostssl ldaptest all 0.0.0.0/0 ldap ldapserver="myldapserver.local" ldapprefix="cn=" ldapsuffix=", ou=TestOU, dc=sub, dc=example, dc=local"
I am able to connect with psql, though passwords are sent unencrypted as expected.
If I set it to use TLS on the normal port (389):
hostssl ldaptest all 0.0.0.0/0 ldap ldapserver="myldapserver.local" ldapprefix="cn=" ldapsuffix=", ou=TestOU, dc=sub, dc=example, dc=local" ldaptls=1
I get:
could not start LDAP TLS session: error code -11
If I set it to use SSL on the LDAPS port (636):
hostssl ldaptest all 0.0.0.0/0 ldap ldapserver="myldapserver.local" ldapprefix="cn=" ldapsuffix=", ou=TestOU, dc=sub, dc=example, dc=local" ldaptls=0 ldapport=636
I get:
LDAP login failed for user "cn=Teszt User,ou=TestOU,dc=sub,dc=example,dc=local" on server "ratotdc.okologia.mta.local": error code -1
If I turn on both TLS and set the port to 636 I get:
could not start LDAP TLS session: error code -11
I have the server certificate in my ldap.conf:
TLS_CACERT /root/certs/infolabtest_cert.cer
ldapsearch works over SSL and returns correct results:
ldapsearch -W -H ldaps://myldapserver:636/ -D "CN=Teszt User,OU=TestOU,DC=sub,DC=example,DC=local" -b "ou=testou,dc=sub,dc=example,dc=local" "CN"
Any idea is welcome.
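An added diagnostic script (not part of the original post) that separates the two things the question mixes: whether the CA file named by TLS_CACERT is readable by the account PostgreSQL runs as, and whether StartTLS on 389 (what ldaptls=1 does) and LDAPS on 636 each work from the same libldap the server uses. It assumes Ubuntu's system-wide client config at /etc/ldap/ldap.conf and that the host and bind DN are passed in via LDAP_HOST and LDAP_BINDDN; run it as the service account, e.g. `sudo -u postgres sh ldap_tls_check.sh`, since a cert under /root is normally not readable by that user.

```shell
#!/bin/sh
# Added diagnostic, not from the original post. Run as the PostgreSQL
# service account so file permissions are checked for the right user.
# Assumption: libldap reads /etc/ldap/ldap.conf on Ubuntu; override
# with LDAP_CONF if the file lives elsewhere.

LDAP_CONF="${LDAP_CONF:-/etc/ldap/ldap.conf}"

# Print the TLS_CACERT path from an ldap.conf (first non-comment match).
cacert_path() {
    awk '$1 == "TLS_CACERT" { print $2; exit }' "$1"
}

# Return 0 when the configured CA file exists and is readable by the
# current user, 1 otherwise. A CA file the service account cannot open
# leaves libldap unable to verify the directory server's certificate,
# which is one common cause of "could not start LDAP TLS session".
check_cacert() {
    conf="$1"
    path=$(cacert_path "$conf")
    if [ -z "$path" ]; then
        echo "no TLS_CACERT line in $conf" >&2
        return 1
    fi
    if [ ! -r "$path" ]; then
        echo "TLS_CACERT $path is not readable by $(id -un)" >&2
        return 1
    fi
    echo "TLS_CACERT $path is readable by $(id -un)"
    return 0
}

# Exercise the two transports pg_hba.conf can ask for: StartTLS on 389
# (ldaptls=1; -ZZ makes ldapsearch fail unless TLS is established) and
# a native LDAPS connection on 636. A base-scope search of the root DSE
# attribute "1.1" keeps the bind as the only thing being tested.
probe_ldap_tls() {
    host="$1"; binddn="$2"
    echo "== StartTLS on 389 (pg_hba.conf ldaptls=1) =="
    ldapsearch -ZZ -x -W -H "ldap://$host:389/" -D "$binddn" -s base -b "" 1.1
    echo "== LDAPS on 636 =="
    ldapsearch -x -W -H "ldaps://$host:636/" -D "$binddn" -s base -b "" 1.1
}

# Only probe a live server when a host was supplied (the file checks
# above are usable on their own).
if [ -n "${LDAP_HOST:-}" ]; then
    check_cacert "$LDAP_CONF"
    probe_ldap_tls "$LDAP_HOST" "${LDAP_BINDDN:?set LDAP_BINDDN}"
fi
```

If the cert check passes as the postgres user and `-ZZ` on 389 still reports a connect error, the remaining suspects are the certificate chain or the hostname in the certificate not matching the ldapserver value.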