From: | rysiek(at)hackerspace(dot)pl |
---|---|
To: | pgsql-bugs(at)postgresql(dot)org |
Subject: | BUG #13625: LDAP connections via UNIX sockets |
Date: | 2015-09-20 02:37:54 |
Message-ID: | 20150920023754.313.74771@wrigleys.postgresql.org |
Lists: | pgsql-bugs |
The following bug has been logged on the website:
Bug reference: 13625
Logged by: rysiek
Email address: rysiek(at)hackerspace(dot)pl
PostgreSQL version: 9.4.4
Operating system: Debian GNU/Linux
Description:
PostgreSQL does not seem to support LDAP connections via UNIX sockets, due to
use of deprecated function `ldap_init()`.
The documentation contains ample information on connecting to LDAP:
http://www.postgresql.org/docs/9.4/static/auth-methods.html#AUTH-LDAP
However, there seems to be no way of providing a UNIX socket path for connection.
Combinations tried:
ldapurl="ldap:///var/run/slapd/ldapi/dc=example,dc=com?cn"
ldapurl="ldap://%2fvar%2frun%2fslapd%2fldapi/dc=example,dc=com?cn"
ldapurl="ldap://%x2fvar%x2frun%x2fslapd%x2fldapi/dc=example,dc=com?cn"
ldapurl="ldapi:///var/run/slapd/ldapi/dc=example,dc=com?cn"
ldapurl="ldapi://%2fvar%2frun%2fslapd%2fldapi/dc=example,dc=com?cn"
ldapurl="ldapi://%x2fvar%x2frun%x2fslapd%x2fldapi/dc=example,dc=com?cn"
ldapserver="/var/run/slapd/ldapi"
ldapserver="%2fvar%2frun%2fslapd%2fldapi"
ldapserver="%x2fvar%x2frun%x2fslapd%x2fldapi"
ldapserver="ldapi:///var/run/slapd/ldapi"
ldapserver="ldapi://%2fvar%2frun%2fslapd%2fldapi"
ldapserver="ldapi://%x2fvar%x2frun%x2fslapd%x2fldapi"
Some of these cause PostgreSQL not to start at all, either with exit code 1 or
139; some fail when authentication is required, either with
"LOG:  could not initialize LDAP: No such file or directory" or
"LOG:  could not perform initial LDAP bind for ldapbinddn "(null)" on server "/var/run/slapd/ldapi": Can't contact LDAP server"
The socket does exist and the `ldapsearch` utility successfully connects and
retrieves data from the LDAP server.
PostgreSQL uses the `ldap_init()` function in code:
http://git.postgresql.org/gitweb/?p=postgresql.git&a=search&h=HEAD&st=grep&s=ldap_init
This function is, however, deprecated:
http://www.openldap.org/software//man.cgi?query=ldap_init&sektion=3&apropos=0&manpath=OpenLDAP+2.4-Release
"At this time, ldap_open() and ldap_init() are deprecated in favor of
ldap_initialize(), essentially because the latter allows to specify a schema
in the URI and it explicitly returns an error code."
Switching to `ldap_initialize()` would not only mean that a deprecated function
is not used anymore, but also would allow PostgreSQL to utilize UNIX socket
LDAP connections.
--
Regards,
Michał "rysiek" Woźniak
http://rys.io/
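
An added example, not part of the report and not PostgreSQL code: how the socket path from the report becomes an `ldapi://` URI (path percent-encoded into the host part) and is passed to OpenLDAP's `ldap_initialize()`. The names `ldapi_uri_from_path`, `open_ldapi` and the `WITH_LIBLDAP` macro are hypothetical; build with `cc -DWITH_LIBLDAP file.c -lldap` to compile the libldap part.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>
#ifdef WITH_LIBLDAP
#include <ldap.h>
#endif

/* Write "ldapi://" plus the percent-encoded socket path into out. Bytes outside
 * the RFC 3986 unreserved set are encoded, so '/' becomes %2F and the path fits
 * in the URI host part. Returns 0, or -1 on a relative path or a short buffer. */
int ldapi_uri_from_path(const char *path, char *out, size_t outlen)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t n = 8;                       /* strlen("ldapi://") */

    if (path == NULL || path[0] != '/' || out == NULL || outlen <= n)
        return -1;
    memcpy(out, "ldapi://", n);
    for (const unsigned char *p = (const unsigned char *)path; *p; p++) {
        int plain = isalnum(*p) || strchr("-._~", *p) != NULL;
        if (n + (plain ? 1 : 3) >= outlen)
            return -1;                  /* keep room for the terminating NUL */
        if (plain) {
            out[n++] = (char)*p;
        } else {
            out[n++] = '%';
            out[n++] = hex[*p >> 4];
            out[n++] = hex[*p & 0x0F];
        }
    }
    out[n] = '\0';
    return 0;
}

#ifdef WITH_LIBLDAP
/* ldap_initialize() takes a URI and returns an LDAP result code, where
 * ldap_init() takes only a host and port. Caller frees *ld with ldap_unbind_ext(). */
int open_ldapi(const char *socket_path, LDAP **ld)
{
    char uri[512];
    int version = LDAP_VERSION3, rc;

    if (ldapi_uri_from_path(socket_path, uri, sizeof uri) != 0)
        return LDAP_PARAM_ERROR;
    if ((rc = ldap_initialize(ld, uri)) != LDAP_SUCCESS)
        return rc;
    return ldap_set_option(*ld, LDAP_OPT_PROTOCOL_VERSION, &version);
}
#endif
```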