Re: LDAP authentication fails with concurrent create extensions

Поиск
Список
Период
Сортировка
От Greg k
Тема Re: LDAP authentication fails with concurrent create extensions
Дата
Msg-id CAC5zpv3CY0y5okrgeBF=Sqxfi-yOO_LWiVr-rHPn6_4cGzb8Dw@mail.gmail.com
обсуждение исходный текст
Ответ на Re: LDAP authentication fails with concurrent create extensions  (Stephen Frost <sfrost@snowman.net>)
Ответы Re: LDAP authentication fails with concurrent create extensions  (Thomas Munro <thomas.munro@enterprisedb.com>)
Список pgsql-bugs
Дерево обсуждения
Hi Stephen,

Do I need to raise this as an issue or bug?

Thanks,
Greg

On Tue, 10 Apr 2018 at 21:31 Stephen Frost <sfrost@snowman.net> wrote:
Greetings,

* Greg k (gregg.kay@gmail.com) wrote:
> We are using postgresql 10.3 on Centos 7.2 with LDAP authentication (samba4
> with AD domain controller). We've recently moved to LDAP authentication and
> are now encountering a problem where some concurrent connections that
> create extensions in different databases at the same time are failing with
> a "Can't contact LDAP server" error. The postgres error log contains:

You really shouldn't be using LDAP in an AD environment for
authentication- configure and use Kerberos instead, which is much more
secure than having cleartext passwords seen by the PG server and then
proxied to the LDAP server.

That said, there does appear to be an issue here, thanks for creating a
test case.

Stephen

В списке pgsql-bugs по дате отправления:

Предыдущее
От: Tom Lane
Дата:
Сообщение: Re: Ignored join clause
Следующее
От: Thomas Munro
Дата:
Сообщение: Re: LDAP authentication fails with concurrent create extensions