diff --git a/contrib/postgres_fdw/expected/postgres_fdw.out b/contrib/postgres_fdw/expected/postgres_fdw.out index 838ca83b55..cf74aeac41 100644 --- a/contrib/postgres_fdw/expected/postgres_fdw.out +++ b/contrib/postgres_fdw/expected/postgres_fdw.out @@ -188,7 +188,7 @@ ALTER USER MAPPING FOR public SERVER testserver1 ALTER USER MAPPING FOR public SERVER testserver1 OPTIONS (ADD sslmode 'require'); ERROR: invalid option "sslmode" -HINT: Valid options in this context are: user, password, sslpassword, ldapuser, password_required, sslcert, sslkey +HINT: Valid options in this context are: user, password, sslpassword, authuser, password_required, sslcert, sslkey -- But we can add valid ones fine ALTER USER MAPPING FOR public SERVER testserver1 OPTIONS (ADD sslpassword 'dummy'); diff --git a/contrib/postgres_fdw/option.c b/contrib/postgres_fdw/option.c index c734467f01..310e30598c 100644 --- a/contrib/postgres_fdw/option.c +++ b/contrib/postgres_fdw/option.c @@ -315,11 +315,11 @@ InitPgFdwOptions(void) popt->keyword = lopt->keyword; /* - * "user", "ldapuser", and any secret options are allowed only on user + * "user", "authuser", and any secret options are allowed only on user * mappings. Everything else is a server option. */ if (strcmp(lopt->keyword, "user") == 0 || - strcmp(lopt->keyword, "ldapuser") == 0 || + strcmp(lopt->keyword, "authuser") == 0 || strchr(lopt->dispchar, '*')) popt->optcontext = UserMappingRelationId; else diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml index 8a0ec715e4..9e62d36fb4 100644 --- a/doc/src/sgml/libpq.sgml +++ b/doc/src/sgml/libpq.sgml @@ -1455,8 +1455,8 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname - - ldapuser + + authuser When connecting to servers that use LDAP authentication, this option 
@@ -7943,10 +7943,10 @@ myEventProc(PGEventId evtId, void *evtInfo, void *passThrough) - PGLDAPUSER + PGAUTHUSER - PGLDAPUSER behaves the same as the - connection parameter. + PGAUTHUSER behaves the same as the + connection parameter. diff --git a/doc/src/sgml/postgres-fdw.sgml b/doc/src/sgml/postgres-fdw.sgml index 1165550955..4286dcfc47 100644 --- a/doc/src/sgml/postgres-fdw.sgml +++ b/doc/src/sgml/postgres-fdw.sgml @@ -120,7 +120,7 @@ - user, ldapuser, + user, authuser, password and sslpassword (specify these in a user mapping, instead, or use a service file) diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index e2010fa402..5205bc1a53 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -2534,8 +2534,8 @@ CheckLDAPAuth(Port *port) return STATUS_ERROR; } - /* If a PGLDAPUSER was not provided, default to PGUSER. */ - ldapuser = port->ldapuser; + /* If a PGAUTHUSER was not provided, default to PGUSER. */ + ldapuser = port->auth_user; if (!ldapuser || !ldapuser[0]) ldapuser = port->user_name; diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c index bc7e727dc5..e34d6f5726 100644 --- a/src/backend/postmaster/postmaster.c +++ b/src/backend/postmaster/postmaster.c @@ -2208,8 +2208,8 @@ retry1: port->database_name = pstrdup(valptr); else if (strcmp(nameptr, "user") == 0) port->user_name = pstrdup(valptr); - else if (strcmp(nameptr, "ldapuser") == 0) - port->ldapuser = pstrdup(valptr); + else if (strcmp(nameptr, "authuser") == 0) + port->auth_user = pstrdup(valptr); else if (strcmp(nameptr, "options") == 0) port->cmdline_options = pstrdup(valptr); else if (strcmp(nameptr, "replication") == 0) diff --git a/src/include/libpq/libpq-be.h b/src/include/libpq/libpq-be.h index 26f764aae9..ae9332cd45 100644 --- a/src/include/libpq/libpq-be.h +++ b/src/include/libpq/libpq-be.h 
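Review bot: In src/backend/libpq/auth.c, `ldapuser` now comes from `port->auth_user`, which the client supplies in the startup packet, so every later use in CheckLDAPAuth has to treat it as the untrusted name instead of `port->user_name`. The function continues outside this hunk; please confirm that the check rejecting LDAP filter metacharacters in search+bind mode and the bind DN construction both operate on `ldapuser`. Authorization then rests on the user-map comparison between the bound identity and the requested role, so an HBA line without a map should presumably refuse a differing auth_user. The comment also names client-side environment variables; on the server `/* If no "authuser" startup option was sent, fall back to user_name. */` would be more accurate.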
@@ -147,6 +147,12 @@ typedef struct Port char *cmdline_options; List *guc_options; + /* + * The username to use during authentication, if different from user_name, + * or else NULL. Currently only supported for the LDAP auth method. + */ + const char *auth_user; + /* * The startup packet application name, only used here for the "connection * authorized" log message. We shouldn't use this post-startup, instead @@ -203,11 +209,6 @@ typedef struct Port void *gss; #endif - /* - * LDAP structures. - */ - const char *ldapuser; - /* * SSL structures. */ diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c index 6c7a3a94cb..75d0d7d4ec 100644 --- a/src/interfaces/libpq/fe-connect.c +++ b/src/interfaces/libpq/fe-connect.c @@ -344,9 +344,9 @@ static const internalPQconninfoOption PQconninfoOptions[] = { "Target-Session-Attrs", "", 15, /* sizeof("prefer-standby") = 15 */ offsetof(struct pg_conn, target_session_attrs)}, - {"ldapuser", "PGLDAPUSER", NULL, NULL, - "LDAP-User", "", 20, - offsetof(struct pg_conn, pgldapuser)}, + {"authuser", "PGAUTHUSER", NULL, NULL, + "Auth-User", "", 20, + offsetof(struct pg_conn, pgauthuser)}, /* Terminating entry --- MUST BE LAST */ {NULL, NULL, NULL, NULL, @@ -1440,8 +1440,6 @@ connectOptions2(PGconn *conn) goto oom_error; } - /* TODO: unset pgldapuser if it's the same as pguser, for compatibility? */ - /* * Only if we get this far is it appropriate to try to connect. (We need a * state flag, rather than just the boolean result of this function, in diff --git a/src/interfaces/libpq/fe-protocol3.c b/src/interfaces/libpq/fe-protocol3.c index 42e4e535ea..308fdcdf6f 100644 --- a/src/interfaces/libpq/fe-protocol3.c +++ b/src/interfaces/libpq/fe-protocol3.c 
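Review bot: The new comment on `auth_user` in src/include/libpq/libpq-be.h does not say that the value is copied verbatim from the client's startup packet and stays unverified until the auth method has bound with it. I would add that, and state what happens when it is set under a non-LDAP method; the visible code suggests it is silently ignored, which is worth confirming and documenting, e.g. `* Client-supplied and unauthenticated; ignored by methods other than LDAP.` The field is declared `const char *` although it receives a pstrdup() result in postmaster.c, while the neighbouring `cmdline_options` is a plain `char *`; matching the neighbours would be more consistent.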
@@ -2220,8 +2220,8 @@ build_startup_packet(const PGconn *conn, char *packet, ADD_STARTUP_OPTION("replication", conn->replication); if (conn->pgoptions && conn->pgoptions[0]) ADD_STARTUP_OPTION("options", conn->pgoptions); - if (conn->pgldapuser && conn->pgldapuser[0]) - ADD_STARTUP_OPTION("ldapuser", conn->pgldapuser); + if (conn->pgauthuser && conn->pgauthuser[0]) + ADD_STARTUP_OPTION("authuser", conn->pgauthuser); if (conn->send_appname) { /* Use appname if present, otherwise use fallback */ diff --git a/src/interfaces/libpq/libpq-int.h b/src/interfaces/libpq/libpq-int.h index ea8e23da08..288e93f367 100644 --- a/src/interfaces/libpq/libpq-int.h +++ b/src/interfaces/libpq/libpq-int.h @@ -390,7 +390,7 @@ struct pg_conn char *krbsrvname; /* Kerberos service name */ char *gsslib; /* What GSS library to use ("gssapi" or * "sspi") */ - char *pgldapuser; /* LDAP username, if not pguser */ + char *pgauthuser; /* LDAP username, if not pguser */ char *ssl_min_protocol_version; /* minimum TLS protocol version */ char *ssl_max_protocol_version; /* maximum TLS protocol version */ char *target_session_attrs; /* desired session properties */ diff --git a/src/test/ldap/t/001_auth.pl b/src/test/ldap/t/001_auth.pl index 4a771e1b79..963d4a97ce 100644 --- a/src/test/ldap/t/001_auth.pl +++ b/src/test/ldap/t/001_auth.pl @@ -246,15 +246,15 @@ test_access( qr/no match in usermap "mymap" for user "test2" authenticated as "test2"/, ]); -$ENV{"PGLDAPUSER"} = 'test2'; +$ENV{"PGAUTHUSER"} = 'test2'; test_access( $node, 'test1', 0, - 'succeeds with different PGLDAPUSER', + 'succeeds with different PGAUTHUSER', log_like => [ qr/connection authenticated: identity="uid=test2,dc=example,dc=net" method=ldap/, qr/connection authorized: user=test1/, ]); -delete $ENV{"PGLDAPUSER"}; +delete $ENV{"PGAUTHUSER"}; unlink($node->data_dir . '/pg_hba.conf'); $node->append_conf('pg_hba.conf', 
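Review bot: In build_startup_packet (src/interfaces/libpq/fe-protocol3.c), "authuser" is sent as a plain startup option whenever `conn->pgauthuser` is non-empty, with no regard to what the server understands. As far as I know, a server that predates this option treats unrecognized startup keys as GUC settings and rejects the connection, so a globally exported PGAUTHUSER could break connections to older servers. That should either be documented in libpq.sgml or the option should be sent under the `_pq_.` protocol-extension prefix so that it can be negotiated. The function body continues outside this hunk.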
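Review bot: In src/interfaces/libpq/libpq-int.h the field comment still reads "LDAP username, if not pguser" after the rename to `pgauthuser`, so the name and the comment now disagree. `char *pgauthuser; /* authentication username, if not pguser */` would match the method-neutral name, with the LDAP-only limitation mentioned if it is meant to stay. struct pg_conn continues outside this hunk.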
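Review bot: Only the success case for a differing PGAUTHUSER is visible in this hunk of src/test/ldap/t/001_auth.pl and in the matching hunk at -339,15. Because the option lets a client bind as one LDAP account while requesting another role, a failing case belongs next to it: PGAUTHUSER set to an account whose identity is not mapped to test1, with the usermap mismatch expected in the log, unless that is already covered outside the hunks. Scoping the variable with `local $ENV{"PGAUTHUSER"} = 'test2';` inside a block would also keep it from leaking into later cases if the script aborts before the `delete`.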
@@ -339,15 +339,15 @@ test_access( qr/no match in usermap "mymap" for user "test2" authenticated as "test2"/, ]); -$ENV{"PGLDAPUSER"} = 'test2'; +$ENV{"PGAUTHUSER"} = 'test2'; test_access( $node, 'test1', 0, - 'succeeds with different PGLDAPUSER', + 'succeeds with different PGAUTHUSER', log_like => [ qr/connection authenticated: identity="uid=test2,dc=example,dc=net" method=ldap/, qr/connection authorized: user=test1/, ]); -delete $ENV{"PGLDAPUSER"}; +delete $ENV{"PGAUTHUSER"}; unlink($node->data_dir . '/pg_hba.conf'); $node->append_conf('pg_hba.conf',