| From: | James Sewell <james(dot)sewell(at)lisasoft(dot)com> |
|---|---|
| To: | "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
| Subject: | LDAP referrals |
| Date: | 2013-06-26 01:47:06 |
| Message-ID: | CANkGpBs=jHuyqZ1b9aqJw8UaaJprATAbbn8CvrXePiVUhv+upg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hello All,
Is there a way to disable chasing LDAP referrals in PostgreSQL?
Take the following LDAP config options from pg_hba.conf
ldapserver=server.org.com
ldapbinddn="cn=bindUser,cn=users,dc=core,dc=dir,dc=org,dc=com"
ldapbindpasswd="bindPass" ldapbasedn="dc=core,dc=dir,dc=org,dc=com"
ldapsearchattribute="sAMAccountName"
From ldapsearch I can do the following search:
ldapsearch -x -h server.org.com \
-D "cn=bindUser,cn=users,dc=core,dc=dir,dc=org,dc=com" -W \
-b "dc=core,dc=dir,dc=org,dc=com" \
"sAMAccountName=searchUser" sAMAccountName
Which gives me the following response:
# extended LDIF
#
# LDAPv3
# base <dc=core,dc=dir,dc=org,dc=com> with scope subtree
# filter: sAMAccountName=searchUser
# requesting: sAMAccountName
#
# d248265, People, eProfile, server.org.com
dn: CN=searchUser,OU=People,OU=eProfile,DC=core,DC=dir,DC=org,DC=com
sAMAccountName: searchUser
# search reference
ref: ldap://otherserver.org.com/CN=Configuration,DC=core,DC=dir,DC=org,DC
=com
# search result
search: 2
result: 0 Success
# numResponses: 3
# numEntries: 1
# numReferences: 1
Which is expected.
If I run psql like so:
psql -U d248265 -h 127.0.0.1 dccn
then it hangs. From a packet capture I've determined that in this time it
is trying to resolve the referral, which is broken and times out.
I can verify this by re-running the above ldapsearch with the -C
option (automatically
chase referrals). This hangs as well.
I know that the real root cause if my broken LDAP server, but is there a
way to disable chasing referrals?
Cheers,
James Sewell
James Sewell
PostgreSQL Team Lead / Solutions Architect
_____________________________________
[image:
http://www.lisasoft.com/sites/lisasoft/files/u1/2013hieghtslogan_0.png]
Level 2, 50 Queen St,
Melbourne, VIC, 3000
P: 03 8370 8000 F: 03 8370 8099 W: www.lisasoft.com
--
------------------------------
The contents of this email are confidential and may be subject to legal or
professional privilege and copyright. No representation is made that this
email is free of viruses or other defects. If you have received this
communication in error, you may not copy or distribute any part of it or
otherwise disclose its contents to anyone. Please advise the sender of your
incorrect receipt of this correspondence.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dan Birken | 2013-06-26 02:26:41 | Re: pg_receivexlog 9.2 client working with 9.1 server? |
| Previous Message | Pavel Stehule | 2013-06-25 21:56:43 | Re: utf8 errors |
