From: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> |
---|---|
To: | "Kumar, Virendra" <Virendra(dot)Kumar(at)guycarp(dot)com> |
Cc: | "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
Subject: | Re: Multiple LDAP Servers for ldap Authentication |
Date: | 2018-12-20 18:47:26 |
Message-ID: | 20181220184726.o2famnw2hucj734a@alvherre.pgsql |
Lists: | pgsql-general |
Hello Virendra

On 2018-Dec-20, Kumar, Virendra wrote:
> I am going through ldap authentication documents in PostgreSQL and found that we can specify multiple ldap servers but sure how. I have put two entries in double quotes like below:
> --
> host all all 0.0.0.0/0 ldap ldapserver="server1.com server2.com" ldapprefix=PROD01\
>
> There is no complaint when reloading the pg_hba.conf file however when server1.com is down the connection just times out instead of trying server2. Does anybody have any idea how to configure it or how to make this work?

Reading the server code, I find this rather surprising. The ldapserver
string is passed directly to ldap_init(), which per its manual should
use the multiple servers:

"The host parameter may contain a blank-separated list of hosts to try
to connect to, and each host may optionally by of the form
host:port."
(quoted from https://linux.die.net/man/3/ldap_init)

Maybe the library you have does not behave in the same way? It would be
good to confirm that the LDAP library you have is OpenLDAP and not
something else. Can you run an `ldd` on the postgres binary and see
what the output says about ldap?

--
Álvaro Herrera https://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
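
An added diagnostic example, not part of the original message and not PostgreSQL's own code: it extracts the `ldapserver` list from a pg_hba.conf line like the one quoted above and can check each host's TCP reachability separately. The tokenizer is a simplified reading of pg_hba.conf quoting (double quotes group, backslash is literal), and the `host:port` form and the 389 default port are assumptions taken from the quoted manual text and the standard LDAP port.

```python
import socket

# Constructed sample: the pg_hba.conf line quoted in the message above.
SAMPLE = 'host all all 0.0.0.0/0 ldap ldapserver="server1.com server2.com" ldapprefix=PROD01\\'

def split_fields(line):
    """Whitespace separates fields, double quotes group, backslash is literal."""
    fields, buf, in_quote, started = [], [], False, False
    for ch in line:
        if ch == '"':
            in_quote, started = not in_quote, True
        elif ch == "#" and not in_quote:
            break  # rest of the line is a comment
        elif ch.isspace() and not in_quote:
            if started:
                fields.append("".join(buf))
            buf, started = [], False
        else:
            buf.append(ch)
            started = True
    if in_quote:
        raise ValueError("unterminated double quote")
    return fields + (["".join(buf)] if started else [])

def ldap_targets(line):
    """Return [(host, port), ...] in the order the hosts are listed."""
    fields = split_fields(line)
    start = 3 if fields[:1] == ["local"] else 4  # method follows the address (and mask)
    if "ldap" not in fields[start:start + 2]:
        raise ValueError("not an ldap authentication line")
    opts = dict(f.split("=", 1) for f in fields[fields.index("ldap", start) + 1:] if "=" in f)
    default_port = int(opts.get("ldapport", 389))  # 389: standard LDAP port (assumed default)
    targets = []
    for item in opts.get("ldapserver", "").split():
        host, sep, port = item.rpartition(":")  # host:port form from the quoted manual text
        targets.append((host, int(port)) if sep else (item, default_port))
    return targets

def probe(host, port, timeout=3.0):
    """True if a TCP connection succeeds within `timeout` seconds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False
```

Calling `probe(host, port)` on the database host for each pair returned by `ldap_targets()` shows which listed server answers, independently of how the linked LDAP library handles the list.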