On Mon, 17 Feb 2014 14:18:40 -0500 Tom Lane <t...@sss.pgh.pa.us> wrote:
> Jim Seymour <jseym...@linxnet.com> writes: > > Tried to upgrade from 8.2.21 to 8.4.19 this morning and ran into a > > wall: It would appear the > > hostssl all all 0.0.0.0/0 ldap "ldaps://..." > > syntax is no longer supported? > > The 8.4 release notes say that there were incompatible changes in the > format of pg_hba.conf entries for LDAP authentication, and this is > one: you're supposed to use the ldaptls option now. Yes, I saw that, but when I tried ldap ldapserver=... ldapport=636 ldaptls=1 it failed. > > AFAICS from the relevant commit (7356381ef), there is no change in > functionality between what we did for "ldaps:" and what we do now > for "ldaptls". That very well could be. I always *assumed* that "ldaps://" meant it was doing SSL on port 636. After all: That's what SMTPS means, for example. But I got to thinking, and looking at my OpenLDAP config and thought "Hmmm... I wonder...?" and removed "ldapport=636" from my pg_hba.conf and, lo and behold, it worked! Thanks for the follow-up, Tom. Regards, Jim -- Note: My mail server employs *very* aggressive anti-spam filtering. If you reply to this email and your email is rejected, please accept my apologies and let me know via my web form at <http://jimsun.LinxNet.com/contact/scform.php>. -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers