BUG #3123: Problem with LDAP auth strings

Started by Brian Topping about 19 years ago, 3 messages, bugs
#1 Brian Topping
topping@codehaus.org

The following bug has been logged online:

Bug reference: 3123
Logged by: Brian Topping
Email address: topping@codehaus.org
PostgreSQL version: 8.2
Operating system: Linux
Description: Problem with LDAP auth strings
Details:

http://www.mail-archive.com/pgsql-general@postgresql.org/msg92652.html
outlines a bit of it.

The options to the ldap auth method in pg_hba.conf don't work properly.
The dn base is completely ignored, and the suffix has all the commas parsed
out of it for some reason.

If it were working correctly, the base dn would be concatenated with the
prefix and the username to create the correct DN to send to the server. The
suffix should not strictly be necessary.

#2 Bruce Momjian
bruce@momjian.us
In reply to: Brian Topping (#1)
Re: BUG #3123: Problem with LDAP auth strings

I have researched this and the incorrect behavior seems to be totally
caused by the fact that unquoted commas are treated as item separators
in pg_hba.conf.

I have updated the documentation in 8.2 and CVS HEAD to indicate that
the LDAP URL should be double-quoted, and double-quoted the example URL
for emphasis.

If double-quoting does not 100% fix your problem, please let us know.
Thanks.

Documentation patch attached.

---------------------------------------------------------------------------

Brian Topping wrote:

> The following bug has been logged online:
>
> Bug reference: 3123
> Logged by: Brian Topping
> Email address: topping@codehaus.org
> PostgreSQL version: 8.2
> Operating system: Linux
> Description: Problem with LDAP auth strings
> Details:
>
> http://www.mail-archive.com/pgsql-general@postgresql.org/msg92652.html
> outlines a bit of it.
>
> The options to the ldap auth method in pg_hba.conf don't work properly.
> The dn base is completely ignored, and the suffix has all the commas parsed
> out of it for some reason.
>
> If it were working correctly, the base dn would be concatenated with the
> prefix and the username to create the correct DN to send to the server. The
> suffix should not strictly be necessary.


--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://www.enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +

Attachments:

/rtmp/diff (text/x-diff, +8 -8)

#3 Magnus Hagander
magnus@hagander.net
In reply to: Bruce Momjian (#2)
Re: BUG #3123: Problem with LDAP auth strings

Bruce Momjian wrote:

> I have researched this and the incorrect behavior seems to be totally
> caused by the fact that unquoted commas are treated as item separators
> in pg_hba.conf.
>
> I have updated the documentation in 8.2 and CVS HEAD to indicate that
> the LDAP URL should be double-quoted, and double-quoted the example URL
> for emphasis.
>
> If double-quoting does not 100% fix your problem, please let us know.
> Thanks.
>
> Documentation patch attached.

I've been working off-list with the other person who reported the same
problem, and for him the problem was fixed with the double quotes. I was
actually just about to start on that documentation update myself, thanks
for taking care of it.

//Magnus
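
The cause identified in this thread (unquoted commas acting as item separators, so an LDAP URL containing a DN gets split) can be checked for in a config file. The following is an added example, not part of the original thread and not PostgreSQL's parser: a simplified model of the separator rule that flags LDAP URLs left unquoted. The function names, the sample host names and the `ldap://server/basedn;prefix;suffix` layout of the sample lines are assumptions.

```python
import re

# Simplified model of the tokenizing rule, not PostgreSQL's parser.
SAMPLE_CONF = '''\
# constructed sample lines
host all all 10.0.0.0/8 ldap ldap://ldap.example.net/dc=example,dc=net;cn=;,dc=example,dc=net
host all all 10.0.0.0/8 ldap "ldap://ldap.example.net/dc=example,dc=net;cn=;,dc=example,dc=net"
host db1,db2 all 10.0.0.0/8 md5
'''

def split_fields(line):
    """Whitespace-separated fields; a double-quoted run may contain spaces."""
    return re.findall(r'(?:"[^"]*"|[^\s"])+', line)

def split_items(field):
    """Split one field on commas outside double quotes (quotes are dropped)."""
    items, cur, quoted = [], [], False
    for ch in field:
        if ch == '"':
            quoted = not quoted
        elif ch == ',' and not quoted:
            items.append(''.join(cur))
            cur = []
        else:
            cur.append(ch)
    items.append(''.join(cur))
    return items

def audit(conf_text):
    """Return (line_number, field) for each LDAP URL that a comma splits apart."""
    findings = []
    for n, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith('#'):
            continue
        for field in split_fields(line):
            is_ldap = field.lstrip('"').startswith(('ldap://', 'ldaps://'))
            # A comma list is legitimate in e.g. the database field,
            # so only LDAP URL fields are reported.
            if is_ldap and len(split_items(field)) > 1:
                findings.append((n, field))
    return findings
```

Running `audit(SAMPLE_CONF)` reports only line 2, where the unquoted URL is cut into four items at its DN commas; the quoted form on line 3 stays one item.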