RE: pg_hba.conf "authentication file token too long, skipping"

" A one-line improvement would be to increase that constant, but it doesn't look very much harder to get rid of that fixed-size buffer altogether in favor of a StringInfo."

Is this something that can be included in the next patch?

-----Original Message-----
From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Sent: Monday, July 24, 2023 12:52 PM
To: Zechman, Derek S <Derek(dot)S(dot)Zechman(at)snapon(dot)com>
Cc: pgsql-bugs(at)lists(dot)postgresql(dot)org
Subject: Re: pg_hba.conf "authentication file token too long, skipping"

CAUTION: This email originated from outside of Snap-on. Do not click on links or open attachments unless you have validated the sender, even if it is a known contact. Contact the sender by phone to validate the contents.

"Zechman, Derek S" <Derek(dot)S(dot)Zechman(at)snapon(dot)com> writes:
> hostssl all +fnc_personal_account_rl XXX.XX.X.X/16 ldap ldapserver=xxxx-xxxx-xx-xx.mydomainname.com ldapbasedn="OU=Users,OU=Primary,OU=All,DC=mydomainname,DC=com" ldapbinddn="CN=abc_postgres_sa,OU=T1-ServiceAccounts,OU=Tier1,OU=Admin,OU=All,DC=mydomainname,DC=com" ldapbindpasswd="30characterpassword" ldapsearchfilter="(&(objectClass=user)(sAMAccountName=$username)(|(memberof=CN=xxx,OU=Groups,OU=Primary,OU=All,DC=mydomainname,DC=com)(memberof=CN=XxxxxxXXXx,OU=Groups,OU=Primary,OU=All,DC=mydomainname,DC=com)(memberof=CN=xxxxxxxxxxxxxx,OU=Groups,OU=Primary,OU=All,DC=mydomainname,DC=com)))"

Yeah, your ldapsearchfilter option is hitting the 256-byte MAX_TOKEN limit in hba.c. A one-line improvement would be to increase that constant, but it doesn't look very much harder to get rid of that fixed-size buffer altogether in favor of a StringInfo.

regards, tom lane