| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Zechman, Derek S" <Derek(dot)S(dot)Zechman(at)snapon(dot)com> |
| Cc: | "pgsql-bugs(at)lists(dot)postgresql(dot)org" <pgsql-bugs(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: pg_hba.conf "authentication file token too long, skipping" |
| Date: | 2023-07-24 16:51:35 |
| Message-ID: | 1567990.1690217495@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
"Zechman, Derek S" <Derek(dot)S(dot)Zechman(at)snapon(dot)com> writes:
> hostssl all +fnc_personal_account_rl XXX.XX.X.X/16 ldap ldapserver=xxxx-xxxx-xx-xx.mydomainname.com ldapbasedn="OU=Users,OU=Primary,OU=All,DC=mydomainname,DC=com" ldapbinddn="CN=abc_postgres_sa,OU=T1-ServiceAccounts,OU=Tier1,OU=Admin,OU=All,DC=mydomainname,DC=com" ldapbindpasswd="30characterpassword" ldapsearchfilter="(&(objectClass=user)(sAMAccountName=$username)(|(memberof=CN=xxx,OU=Groups,OU=Primary,OU=All,DC=mydomainname,DC=com)(memberof=CN=XxxxxxXXXx,OU=Groups,OU=Primary,OU=All,DC=mydomainname,DC=com)(memberof=CN=xxxxxxxxxxxxxx,OU=Groups,OU=Primary,OU=All,DC=mydomainname,DC=com)))"
Yeah, your ldapsearchfilter option is hitting the 256-byte MAX_TOKEN
limit in hba.c. A one-line improvement would be to increase that
constant, but it doesn't look very much harder to get rid of that
fixed-size buffer altogether in favor of a StringInfo.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Martin del Campo Campos | 2023-07-24 18:03:40 | Re: BUG #18027: Logical replication taking forever |
| Previous Message | Zechman, Derek S | 2023-07-24 15:05:15 | pg_hba.conf "authentication file token too long, skipping" |