Re: BUG #3123: Problem with LDAP auth strings
From | Bruce Momjian |
---|---|
Subject | Re: BUG #3123: Problem with LDAP auth strings |
Date | |
Msg-id | 200703242150.l2OLoiX01516@momjian.us |
In response to | BUG #3123: Problem with LDAP auth strings ("Brian Topping" <topping@codehaus.org>) |
Responses | Re: BUG #3123: Problem with LDAP auth strings (Magnus Hagander <magnus@hagander.net>) |
List | pgsql-bugs |
I have researched this and the incorrect behavior seems to be totally caused by the fact that unquoted commas are treated as item separators in pg_hba.conf. I have updated the documentation in 8.2 and CVS HEAD to indicate that the LDAP URL should be double-quoted, and double-quoted the example URL for emphasis.

If double-quoting does not 100% fix your problem, please let us know. Thanks.

Documentation patch attached.

---------------------------------------------------------------------------

Brian Topping wrote:
>
> The following bug has been logged online:
>
> Bug reference: 3123
> Logged by: Brian Topping
> Email address: topping@codehaus.org
> PostgreSQL version: 8.2
> Operating system: Linux
> Description: Problem with LDAP auth strings
> Details:
>
> http://www.mail-archive.com/pgsql-general@postgresql.org/msg92652.html
> outlines a bit of it.
>
> The options to the ldap auth method in pg_hba.conf doesn't work properly.
> The dn base is completely ignored, and the suffix has all the commas parsed
> out of it for some reason.
>
> If it were working correctly, the base dn would be concatenated with the
> prefix and the username to create the correct DN to send to the server. The
> suffix should not strictly be necessary.
>
> ---------------------------(end of broadcast)---------------------------
> TIP 6: explain analyze is your friend

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://www.enterprisedb.com

+ If your life is a hard drive, Christ can be your backup.
+ Index: doc/src/sgml/client-auth.sgml =================================================================== RCS file: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v retrieving revision 1.97 diff -c -c -r1.97 client-auth.sgml *** doc/src/sgml/client-auth.sgml 31 Jan 2007 20:56:16 -0000 1.97 --- doc/src/sgml/client-auth.sgml 24 Mar 2007 21:44:29 -0000 *************** *** 929,937 **** <synopsis> ldap[<replaceable>s</>]://<replaceable>servername</>[:<replaceable>port</>]/<replaceable>base dn</replaceable>[;<replaceable>prefix</>[;<replaceable>suffix</>]] </synopsis> ! for example: <synopsis> ! ldap://ldap.example.net/dc=example,dc=net;EXAMPLE\ </synopsis> </para> --- 929,941 ---- <synopsis> ldap[<replaceable>s</>]://<replaceable>servername</>[:<replaceable>port</>]/<replaceable>base dn</replaceable>[;<replaceable>prefix</>[;<replaceable>suffix</>]] </synopsis> ! Commas are used to specify multiple items in an <literal>ldap</> ! component. However, because unquoted commas are treated as item ! separators in <filename>pg_hba.conf</filename>, it is wise to ! double-quote the <literal>ldap</> URL to preserve any commas present, ! e.g.: <synopsis> ! "ldap://ldap.example.net/dc=example,dc=net;EXAMPLE\" </synopsis> </para>
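Review bot: In the added paragraph, "it is wise to double-quote the <literal>ldap</> URL" reads as optional advice, yet the same sentence says unquoted commas are treated as item separators in pg_hba.conf, so a URL whose base DN contains commas (as in the example, dc=example,dc=net) is not kept as one value unless it is quoted; suggest wording along the lines of "must be double-quoted if it contains commas". The opening sentence, "Commas are used to specify multiple items in an <literal>ldap</> component", does not say which component or which items are meant and would be clearer if it named the DN parts of the URL directly. The new example also ends in EXAMPLE\" with a backslash immediately before the closing quote; it would help to say how a backslash in that position is read, or to use a prefix that does not end in one.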
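A configuration check for the condition described in the message above, as an added example that is not part of the original thread or of PostgreSQL's code: it flags pg_hba.conf entries whose LDAP URL contains commas but is not double-quoted. The sample lines are constructed, and `split_fields` is a simplified model of the file's whitespace and double-quote rules, not the server's parser.

```python
import re

# Constructed sample in the 8.2 layout: type database user CIDR-address method [option]
SAMPLE_HBA = '''\
# TYPE  DATABASE  USER  CIDR-ADDRESS    METHOD  OPTION
host    all       all   10.0.0.0/8      ldap    ldap://ldap.example.net/dc=example,dc=net;cn=;,dc=example,dc=net
host    all       all   10.0.0.0/8      ldap    "ldap://ldap.example.net/dc=example,dc=net;cn=;,dc=example,dc=net"
host    all       all   127.0.0.1/32    ldap    ldap://ldap.example.net/o=example
host    all       all   192.168.0.0/16  md5
'''

LDAP_URL = re.compile(r"ldaps?://", re.IGNORECASE)


def split_fields(line):
    """Split a line on whitespace outside double quotes.

    Returns (text, was_quoted) pairs. Assumed model: '"' toggles quoting,
    '#' outside quotes starts a comment, backslash is an ordinary character.
    """
    fields, buf, in_quote, quoted = [], [], False, False
    for ch in line:
        if ch == '"':
            in_quote = not in_quote
            quoted = True
        elif ch == "#" and not in_quote:
            break
        elif ch.isspace() and not in_quote:
            if buf or quoted:
                fields.append(("".join(buf), quoted))
            buf, quoted = [], False
        else:
            buf.append(ch)
    if buf or quoted:
        fields.append(("".join(buf), quoted))
    return fields


def find_unquoted_ldap_commas(text):
    """Return (line number, URL) for each unquoted LDAP URL containing a comma."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for value, was_quoted in split_fields(line):
            if LDAP_URL.match(value) and "," in value and not was_quoted:
                findings.append((lineno, value))
    return findings
```

Only line 2 of the sample is reported: the quoted entry and the comma-free URL pass.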