From: | Thomas Munro <thomas(dot)munro(at)enterprisedb(dot)com> |
---|---|
To: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
Cc: | Mark Cave-Ayland <mark(dot)cave-ayland(at)ilande(dot)co(dot)uk>, Magnus Hagander <magnus(at)hagander(dot)net>, Pg Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: More flexible LDAP auth search filters? |
Date: | 2017-08-01 22:17:51 |
Message-ID: | CAEepm=2u_jPVJCh76=-C06+swTGmYQ=-3+zJ=zzirdBH4VZkRQ@mail.gmail.com |
Lists: | pgsql-hackers |
On Wed, Aug 2, 2017 at 5:36 AM, Peter Eisentraut
<peter(dot)eisentraut(at)2ndquadrant(dot)com> wrote:
> On 7/16/17 19:09, Thomas Munro wrote:
>> On Mon, Jul 17, 2017 at 10:26 AM, Thomas Munro
>> <thomas(dot)munro(at)enterprisedb(dot)com> wrote:
>>> ldap-search-filters-v2.patch
>>
>> Gah, it would help if I could spell "occurrences" correctly. Fixed in
>> the attached.
>
> Please also add the corresponding support for specifying search filters
> in LDAP URLs. See RFC 4516 for the format and
> https://linux.die.net/man/3/ldap_url_parse for the API. You might just
> need to grab LDAPURLDesc.lud_filter and use it.
Good idea. Yes, it seems to be that simple. Here's a version like
that. Here's an example of how it looks in pg_hba.conf:

    host all all 127.0.0.1/32 ldap ldapurl="ldap://localhost/ou=people1,dc=my-domain,dc=com??sub?(cn=%25u)"

Maybe we could choose a better token than %u for user name, since it
has to be escaped when included in a URL like that, but on the other
hand there seems to be wide precedent for %u in other software.
--
Thomas Munro
http://www.enterprisedb.com
Attachment | Content-Type | Size |
---|---|---|
ldap-search-filters-v4.patch | application/octet-stream | 10.7 KB |
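
Added example, not part of the original message or the attached patch: a small RFC 4516 URL splitter showing why the pg_hba.conf line writes the placeholder as %25u, and how the decoded filter would then be expanded. The function names, the strict rejection of malformed percent-escapes, and the RFC 4515 escaping of the substituted user name are assumptions of this example; the message itself only proposes taking LDAPURLDesc.lud_filter from ldap_url_parse.

```python
import re

SCOPES = {"": "base", "base": "base", "one": "one", "sub": "sub"}  # RFC 4516 default: base

def pct_decode(component):
    """Percent-decode one URL component, rejecting malformed escapes."""
    if re.search(r"%(?![0-9A-Fa-f]{2})", component):
        raise ValueError(f"malformed percent-escape in {component!r}")
    raw = re.sub(rb"%([0-9A-Fa-f]{2})",
                 lambda m: bytes([int(m.group(1), 16)]),
                 component.encode("utf-8"))
    return raw.decode("utf-8")

def parse_ldap_url(url):
    """Split ldap://host/dn?attributes?scope?filter and decode each part."""
    m = re.fullmatch(r"(?i)(ldaps?)://([^/?]*)(?:/([^?]*))?(?:\?(.*))?", url)
    if not m:
        raise ValueError("not an LDAP URL")
    # Split on '?' before decoding so an encoded %3F stays inside its field.
    fields = (m.group(4) or "").split("?")
    fields += [""] * (3 - len(fields))
    attrs, scope, flt = fields[:3]
    if scope.lower() not in SCOPES:
        raise ValueError(f"unknown scope {scope!r}")
    return {
        "host": m.group(2),
        "dn": pct_decode(m.group(3) or ""),
        "attrs": [pct_decode(a) for a in attrs.split(",") if a],
        "scope": SCOPES[scope.lower()],
        "filter": pct_decode(flt) or "(objectClass=*)",  # RFC 4516 default
    }

def escape_filter_value(value):
    """Escape RFC 4515 filter metacharacters as backslash + two hex digits."""
    return "".join(f"\\{ord(c):02x}" if c in "*()\\\0" else c for c in value)

def build_filter(url, username):
    """Expand the %u placeholder in the decoded filter with an escaped name."""
    return parse_ldap_url(url)["filter"].replace("%u", escape_filter_value(username))

# The URL from the pg_hba.conf line in the message above.
PAGE_URL = "ldap://localhost/ou=people1,dc=my-domain,dc=com??sub?(cn=%25u)"

if __name__ == "__main__":
    print(parse_ldap_url(PAGE_URL))
    # Constructed user names, one of them containing filter metacharacters.
    print(build_filter(PAGE_URL, "alice"))
    print(build_filter(PAGE_URL, "j*smith(1)"))
```

A bare %u in the URL is not a valid percent-escape, so this decoder rejects it; how libldap treats that input is not stated in the message.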