On Wed, May 14, 2014 at 11:48 AM, Jürgen Fuchsberger <juergen.fuchsberger@xxxxxxxxxxx> wrote:
On 05/14/2014 09:10 AM, Magnus Hagander wrote:
> On Wed, May 14, 2014 at 8:35 AM, Stephan Fabel <sfabel@xxxxxxxxxx
> <mailto:sfabel@xxxxxxxxxx>> wrote:Thanks for the hint, no wonder it does not work. Unfortunately this info
>
> I don't think SSL support for LDAP is supported. Have you tried TLS
> on port 389?
>
is not in the postgres documentation.
It is - indirectly, in the ldapurl documentation. "To use encrypted LDAP connections, the ldaptls option has to be used in addition to ldapurl. The ldaps URL scheme (direct SSL connection) is not supported."
But maybe it could be made more clear...
>This does not work with our LDAP server (seems it is not configured to
> Correct, and you need to set ldaptls=1 to use that as well.
support TLS)
That's strangely configured. The LDAP TLS support (in the protocol) is the standardized one, and the "SSL wrapper" mode is not in the standard.
I *think* the "SSL wrapper" really is just that - wrap it in a standard SSL connection. In which case it might work if you set up stunnel or something like that to proxy the connection for you.
Any idea whether LDAP over SSL will be supported in future postgres
releases?
I am not aware of any such plans, but if you (or somebody else) is willing to write a patch, I don't see a reason it would be rejected. Even though it's non-standard, it's fairly widespread. I recall there being a reason it wasn't added in the first place, but I don't recall what it was.
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
