From: | Jim Seymour <jseymour(at)LinxNet(dot)com> |
---|---|
To: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: 8.2 -> 8.4 Upgrade: No More "ldaps://"? |
Date: | 2014-02-17 19:33:03 |
Message-ID: | 20140217143303.2b266078@win0091 |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Mon, 17 Feb 2014 14:18:40 -0500
Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Jim Seymour <jseymour(at)LinxNet(dot)com> writes:
> > Tried to upgrade from 8.2.21 to 8.4.19 this morning and ran into a
> > wall: It would appear the
> > hostssl all all 0.0.0.0/0 ldap "ldaps://..."
> > syntax is no longer supported?
>
> The 8.4 release notes say that there were incompatible changes in the
> format of pg_hba.conf entries for LDAP authentication, and this is
> one: you're supposed to use the ldaptls option now.
Yes, I saw that, but when I tried
ldap ldapserver=... ldapport=636 ldaptls=1
it failed.
>
> AFAICS from the relevant commit (7356381ef), there is no change in
> functionality between what we did for "ldaps:" and what we do now
> for "ldaptls".
That very well could be. I always *assumed* that "ldaps://" meant it
was doing SSL on port 636. After all: That's what SMTPS means, for
example. But I got to thinking, and looking at my OpenLDAP config and
thought "Hmmm... I wonder...?" and removed "ldapport=636" from my
pg_hba.conf and, lo and behold, it worked!
Thanks for the follow-up, Tom.
Regards,
Jim
--
Note: My mail server employs *very* aggressive anti-spam
filtering. If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.
From | Date | Subject | |
---|---|---|---|
Next Message | Emre Hasegeli | 2014-02-17 19:57:42 | Re: GiST support for inet datatypes |
Previous Message | Gavin Flower | 2014-02-17 19:19:56 | Re: Auto-tuning work_mem and maintenance_work_mem |