Skip site navigation (1) Skip section navigation (2)

BUG #3095: LDAP authentication parsing incorrectly

From: "Joey Wang" <jwang(at)sentillion(dot)com>
To: pgsql-bugs(at)postgresql(dot)org
Subject: BUG #3095: LDAP authentication parsing incorrectly
Date: 2007-03-01 21:48:34
Message-ID: (view raw or whole thread)
Lists: pgsql-bugspgsql-patches
The following bug has been logged online:

Bug reference:      3095
Logged by:          Joey Wang
Email address:      jwang(at)sentillion(dot)com
PostgreSQL version: 8.2.3
Operating system:   Linux
Description:        LDAP authentication parsing incorrectly

LDAP authentication parsing has two bugs.

When pg_hba.conf contains the a line

host all all ldap

We expect the parsing will construct a user DN as



(1) dc=domain,dc=com is ignored. This is the src code from auth.c:


/* ldap, no port number */
r = sscanf(port->auth_arg,				  "ldap://%127[^/]/%127[^;];%127[^;];%127s",
   server, basedn, prefix, suffix);


snprintf(fulluser, sizeof(fulluser), "%s%s%s",
	 prefix, port->user_name, suffix);
fulluser[sizeof(fulluser) - 1] = '\0';

r = ldap_simple_bind_s(ldap, fulluser, passwd);

We can see the code did not use basedn.

(2) suffix containing ',' is converted to other character. This bug is
caused by parsing algrithm to treat comma as a token separator.


pgsql-bugs by date

Next:From: mfwittenDate: 2007-03-01 21:59:03
Subject: Re: BUG #3087: Endiannes, of all things
Previous:From: Tom LaneDate: 2007-03-01 16:41:54
Subject: Re: BUG #3092: character varying and integer cannot be matched

pgsql-patches by date

Next:From: Heikki LinnakangasDate: 2007-03-01 22:19:46
Subject: Re: A little COPY speedup
Previous:From: Heikki LinnakangasDate: 2007-03-01 21:05:33
Subject: Re: A little COPY speedup

Privacy Policy | About PostgreSQL
Copyright © 1996-2015 The PostgreSQL Global Development Group