I'm looking for some help with setting up LDAP-Auth.
Scenario is:
- Computer in Windows Domain runs PostgreSQL
- The AD-DC is using a self-signed certificate
- That cert is already imported to trusted root cert store on that computer
- LDAP auth without encryption does work fine
(
ldap ldapserver=???.???.???.de ldaptls=0
ldapbasedn="CN=Users,DC=???,DC=???,DC=???"
ldapbinddn="CN=prodatbind,CN=Users,DC=???,DC=???,DC=???"
ldapbindpasswd="???" ldapsearchattribute="sAMAccountName"
)
- I'm trying to log on as prodatadmin (prodatbind account is just for the
ldap-bind)
- Now either tls or ldaps needs to be activated
If I change to tls=1 I get the error message:
2021-05-21 13:38:35.639 CEST [968] LOG: could not start LDAP TLS session: Lokaler Fehler
2021-05-21 13:38:35.639 CEST [968] DETAIL: LDAP diagnostics: Lokaler Fehler
2021-05-21 13:38:35.640 CEST [968] FATAL: LDAP authentication failed for user "prodatadmin"
Lokaler Fehler -> local error
If I change to ldaps I get the error message:
2021-05-21 13:41:34.759 CEST [13412] LOG: could not perform initial LDAP bind for ldapbinddn "CN=prodatbind,CN=Users,DC=???,DC=???,DC=???" on server "???.???.???.???": Server heruntergefahren
2021-05-21 13:41:34.759 CEST [13412] DETAIL: LDAP diagnostics: Server heruntergefahren
2021-05-21 13:41:34.760 CEST [13412] FATAL: LDAP authentication failed for user "prodatadmin"
Server heruntergefahren -> Server is down
With ldapadmin (ldapadmin.org) I can connect with ssl or tls. I just get
a warning about the certificate.
So what do I need to do to get PostgreSQL LDAP to accept that certificate?
Thx