I'm trying to configure Postgres to connect to my university's LDAP
server to authenticate database users. In my pg_hba.conf, I have:
> hostssl all +members 129.21.0.0/16 ldap "ldaps://ldap.rit.edu:636/ou=people,dc=rit,dc=edu;uid="
These are the same connection settings I'm using successfully in Apache.
When I try to connect as an LDAP-authenticated user, I get the
following error in the logs:
> 2009-04-08 22:15:13 EDT LOG: could not start LDAP TLS session: error code -1
> 2009-04-08 22:15:13 EDT FATAL: LDAP authentication failed for user "pkf1214"
I'm not sure why it doesn't want to start TLS. I've got the appropriate
CA certificates listed in my /etc/ldap/ldap.conf:
> TLS_CACERT /etc/ssl/certs/ca-certificates.crt
I'm on Ubuntu, and this file is a concatenated list of all the CA
certificates, including the LDAP server's CA. I've confirmed this
should work under normal circumstances -- if I connect to LDAP in, say,
Python, startTLS works just fine.
Any ideas? Is there a way I can turn on extra debugging to get out a
more detailed error message?
Thanks in advance!
Paul Fisher
