
Haven’t had much luck while trying several ways to implement LDAPS for PostgreSQL.

pg_hba.conf

hostssl all +test_ldap 0.0.0.0/0 ldap ldapserver=dc2.ad.foobar.com ldapport=636 ldapscheme=ldaps ldaptls=0 ldapbinddn="CN=ldap,OU=Helpers,OU=Foobar,DC=ad,DC=foobar,DC=com" ldapbindpasswd=*** ldapsearchattribute=mail ldapbasedn="OU=Users,OU=Foobar,DC=ad,DC=foobar,DC=com"

Upon research, I found out that the below params are to be changed.

postgresql.conf

ssl = on
ssl_cert_file = 'server.crt'
ssl_key_file = 'server.key'

The question is: how do I get .crt and .key from the .pem certificate that I already have (shared by the LDAP team)? Apart from these, what else needs to be done to make it work with LDAPS (SSL/TLS)?

1 Answer

The solution is to use ldaptls=1.

Per the documentation:

ldaptls

Set to 1 to make the connection between PostgreSQL and the LDAP server use TLS encryption. This uses the StartTLS operation per RFC 4513. See also the ldapscheme option for an alternative.

I don't know what happens if you set both options to contradictory values, but it may well be the problem.


2 Comments

While this code snippet may solve the problem, it doesn't explain why or how it answers the question. Please include an explanation for your code, as that really helps to improve the quality of your post. Remember that you are answering the question for readers in the future, and those people might not know the reasons for your code suggestion.
@LucaKiebel I have extended the answer.
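As an added example (not part of the question or the answer), a small pg_hba.conf checker that parses an ldap-method record and flags the transport combinations the answer is discussing: plain LDAP with no TLS at all, StartTLS (ldaptls=1) and LDAPS (ldapscheme=ldaps) both requested, or StartTLS pointed at the LDAPS port. The record from the question is embedded as constructed sample input; the CIDR address form is assumed.

```python
import shlex

# Types that protect the client's password in transit (host/hostnossl may not).
ENCRYPTED_TYPES = {"hostssl", "hostgssenc", "local"}

def parse_hba_line(line):
    """Split one pg_hba.conf record into its fields and an option dict.
    Double-quoted values such as ldapbinddn="CN=...,DC=com" are unquoted;
    the CIDR address form (10.0.0.0/8) is assumed, not address + netmask."""
    fields = shlex.split(line, comments=True)
    if len(fields) < 4:
        return None
    rec = {"type": fields[0], "database": fields[1], "user": fields[2]}
    if rec["type"] == "local":
        rec["address"], rec["method"], rest = None, fields[3], fields[4:]
    elif len(fields) >= 5:
        rec["address"], rec["method"], rest = fields[3], fields[4], fields[5:]
    else:
        return None
    rec["options"] = dict(opt.split("=", 1) for opt in rest if "=" in opt)
    return rec

def audit_ldap_line(line):
    """Return findings for one ldap-method record; [] means nothing flagged."""
    rec = parse_hba_line(line)
    if rec is None or rec["method"] != "ldap":
        return []
    opts = rec["options"]
    starttls = opts.get("ldaptls") == "1"      # StartTLS on the plain port
    ldaps = opts.get("ldapscheme") == "ldaps"  # TLS from the first byte, port 636
    findings = []
    if rec["type"] not in ENCRYPTED_TYPES:
        findings.append("not hostssl: a non-SSL client sends its password to "
                        "PostgreSQL in cleartext before it is forwarded to LDAP")
    if not (starttls or ldaps):
        findings.append("neither ldaptls=1 nor ldapscheme=ldaps: the bind DN password "
                        "and every user password cross the network unencrypted")
    if starttls and ldaps:
        findings.append("ldaptls=1 and ldapscheme=ldaps both set: StartTLS and "
                        "LDAPS are alternatives, keep only one")
    if starttls and opts.get("ldapport") == "636":
        findings.append("ldaptls=1 with ldapport=636: StartTLS is issued on the "
                        "plain port (389); 636 expects ldapscheme=ldaps")
    return findings

# Constructed sample input: the record from the question, bind password masked.
QUESTION_LINE = ('hostssl all +test_ldap 0.0.0.0/0 ldap ldapserver=dc2.ad.foobar.com '
                 'ldapport=636 ldapscheme=ldaps ldaptls=0 ldapbindpasswd=*** '
                 'ldapbinddn="CN=ldap,OU=Helpers,OU=Foobar,DC=ad,DC=foobar,DC=com" '
                 'ldapsearchattribute=mail ldapbasedn="OU=Users,OU=Foobar,DC=ad,DC=foobar,DC=com"')
```

Running `audit_ldap_line(QUESTION_LINE)` returns no findings, since hostssl plus ldapscheme=ldaps on 636 is a consistent LDAPS setup; adding ldaptls=1 on top of it is what the checker flags.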
