The following bug has been logged online:

Bug reference: 3123
Logged by: Brian Topping
Email address: topping@codehaus.org
PostgreSQL version: 8.2
Operating system: Linux
Description: Problem with LDAP auth strings
Details:

http://www.mail-archive.com/pgsql-ge.../msg92652.html
outlines a bit of it.

The options to the ldap auth method in pg_hba.conf doesn't work properly.
The dn base is completely ignored, and the suffix has all the commas parsed
out of it for some reason.

If it were working correctly, the base dn would be concatenated with the
prefix and the username to create the correct DN to send to the server. The
suffix should not strictly be necessary.

---------------------------(end of broadcast)---------------------------
TIP 6: explain analyze is your friend

I have researched this and the incorrect behavior seems to be totally
caused by the fact that unquoted commas are treated as item separators
in pg_hba.conf.

I have updated the documentation in 8.2 and CVS HEAD to indicate that
the LDAP URL should be double-quoted, and double-quoted the example URL
for emphasis.

If double-quoting does not 100% fix your problem, please let us know.
Thanks.

Documentation patch attached.

---------------------------------------------------------------------------

Brian Topping wrote:
>
> The following bug has been logged online:
>
> Bug reference: 3123
> Logged by: Brian Topping
> Email address: topping@codehaus.org
> PostgreSQL version: 8.2
> Operating system: Linux
> Description: Problem with LDAP auth strings
> Details:
>
> http://www.mail-archive.com/pgsql-ge.../msg92652.html
> outlines a bit of it.
>
> The options to the ldap auth method in pg_hba.conf doesn't work properly.
> The dn base is completely ignored, and the suffix has all the commas parsed
> out of it for some reason.
>
> If it were working correctly, the base dn would be concatenated with the
> prefix and the username to create the correct DN to send to the server. The
> suffix should not strictly be necessary.
>
> ---------------------------(end of broadcast)---------------------------
> TIP 6: explain analyze is your friend

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://www.enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +


---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to majordomo@postgresql.org so that your
message can get through to the mailing list cleanly

Bruce Momjian wrote:
> I have researched this and the incorrect behavior seems to be totally
> caused by the fact that unquoted commas are treated as item separators
> in pg_hba.conf.
>
> I have updated the documentation in 8.2 and CVS HEAD to indicate that
> the LDAP URL should be double-quoted, and double-quoted the example URL
> for emphasis.
>
> If double-quoting does not 100% fix your problem, please let us know.
> Thanks.
>
> Documentation patch attached.
>

I've been working off-list with the other person who reported the same
problem, and for him the problem was fixed with the double quotes. I was
actually just about to start on that documentation update myself, thanks
for taking care of it.

//Magnus

---------------------------(end of broadcast)---------------------------
TIP 4: Have you searched our list archives?

http://archives.postgresql.org