yes, shortly after i sent this out to the list, one of our security administrators suggested ldapscheme. I just tested and ldapurl works as well.
the security admin explained it like this:
"since we are using port 636 I know that it needs the TLS connection in place before LDAP commands. starttls does the opposite. allows an LDAP connection to "upgrade" to TLS. so the previous errors were simply it unable to connect to server."
i'm guessing information like that doesn't belong in postgresql documentation but it would have been useful yesterday. :)
thanks for the response! i just recently made the switch to postgresql after 20 years of mainly Oracle. during that time, the oracle-l mailing list was invaluable as a learning tool and as a way to get help when needed. it's great to know there's a similar mailing list in the postgresql community!
On Tue, Jun 9, 2020 at 9:05 AM Chris Stephens <cstephens16@gmail.com> wrote:
> hostssl all all 0.0.0.0/0 ldap ldapserver="ldaps://xxx" ldapbasedn="yyy" ldaptls=1
> does anyone know what might be causing "LDAP: Bad parameter to an ldap routine"
You probably want ldapurl="ldaps://xxx" (note: ldapurl, not
ldapserver). Or you could use ldapscheme="ldaps" and
ldapserver="xxx".