Обсуждение: LDAP Authentication with spaces in DN
I’m trying to configure LDAP authentication. Added a line to pg_hba.conf with the fowling config:
host all all 127.0.0.1/32 ldap "ldap://ldapserver:389/o=My Organization,C=PT;cn =;,o=My Organization,C=PT"
when I try to authenticate I got a fatal error line in pg_log like this
LOG: LDAP login failed for user "cn =user1,o=My" on server "ldapserver": error code 49
FATAL: LDAP authentication failed for user "user1"
Digging into postgres sources found the problem. File auth.c in line 1376 does some ldap configuration parse using sscanf with the mask “ldap://%127[^:]:%d/%127[^;];%127[^;];%127s”. The sscanf function reads until it finds a blank space, tab or new line, so if the string contains any blank space after the last ‘:’ everything else is ignored!
PS: I’m using postgres 8.3.0
César Miguel Oliveira Alves <calves@caso.pt> writes:
> Digging into postgres sources found the problem. File auth.c in line 1376
> does some ldap configuration parse using sscanf with the mask
> "ldap://%127[^:]:%d/%127[^;];%127[^;];%127s". The sscanf function reads
> until it finds a blank space, tab or new line, so if the string contains any
> blank space after the last ':' everything else is ignored!
Fixed, thanks for the report!
regards, tom lane