Am 21.05.21 um 14:02 schrieb Rocco Kreutz:
I'm looking for some help with setting up LDAP-Auth. Scenaria is: - Computer in Windows Domain runs postgreSQL - The AD-DC is using a self-signed certificate- That cert is already imported to trusted root cert store on that computer- LDAP auth without encryption does work fine (ldap ldapserver=???.???.???.de ldaptls=0 ldapbasedn="CN=Users,DC=???,DC=???,DC=???" ldapbinddn="CN=prodatbind,CN=Users,DC=???,DC=???,DC=???" ldapbindpasswd="???" ldapsearchattribute="sAMAccountName")- i'm trying to logon as prodatadmin (prodatbind account is just for the ldap-bind)- Now either tls or ldaps needs to be activated If i change to tls=1 i get the errormessage:2021-05-21 13:38:35.639 CEST [968] LOG: could not start LDAP TLS session: Lokaler Fehler 2021-05-21 13:38:35.639 CEST [968] DETAIL: LDAP diagnostics: Lokaler Fehler 2021-05-21 13:38:35.640 CEST [968] FATAL: LDAP authentication failed for user "prodatadmin"Lokaler Fehler -> local error if i change to ldaps i get the errormessage:2021-05-21 13:41:34.759 CEST [13412] LOG: could not perform initial LDAP bind for ldapbinddn "CN=prodatbind,CN=Users,DC=???,DC=???,DC=???" on server "???.???.???.???": Server heruntergefahren 2021-05-21 13:41:34.759 CEST [13412] DETAIL: LDAP diagnostics: Server heruntergefahren 2021-05-21 13:41:34.760 CEST [13412] FATAL: LDAP authentication failed for user "prodatadmin"Server heruntergefahren -> Server is downwith ldapadmin (ldapadmin.org) i can connect with ssl or tls. I just get a warning about the certificate. So what do i need to do, to get postgrSQL LDAP to accept that certificate?ThxIf both your clients and server are running on Windows, the best authentication method is SSPI.
-- Holger Jakobs, Bergisch Gladbach, Tel. +49-178-9759012
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
