If libpq has been compiled with LDAP support (option --with-ldap for
configure) it is possible to retrieve connection options like host or
dbname via LDAP from a central server. The advantage is that if the
connection parameters for a database change, the connection information
doesn't have to be updated on all client machines.

LDAP connection parameter lookup uses the connection service file
pg_service.conf (see Section 34.16). A line in a pg_service.conf stanza
that starts with ldap:// will be recognized as an LDAP URL and an LDAP
query will be performed. The result must be a list of keyword = value
pairs which will be used to set connection options. The URL must conform
to RFC 1959 and be of the form

    ldap://[hostname[:port]]/search_base?attribute?search_scope?filter

where hostname defaults to localhost and port defaults to 389.

Processing of pg_service.conf is terminated after a successful LDAP
lookup, but is continued if the LDAP server cannot be contacted. This is
to provide a fallback with further LDAP URL lines that point to different
LDAP servers, classical keyword = value pairs, or default connection
options. If you would rather get an error message in this case, add a
syntactically incorrect line after the LDAP URL.

A sample LDAP entry that has been created with the LDIF file

    version:1
    dn:cn=mydatabase,dc=mycompany,dc=com
    changetype:add
    objectclass:top
    objectclass:device
    cn:mydatabase
    description:host=dbserver.mycompany.com
    description:port=5439
    description:dbname=mydb
    description:user=mydb_user
    description:sslmode=require

might be queried with the following LDAP URL:

You can also mix regular service file entries with LDAP lookups. A
complete example for a stanza in pg_service.conf would be:

    # only host and port are stored in LDAP, specify dbname and user explicitly
    [customerdb]
    dbname=customer
    user=appuser
    ldap://ldap.acme.com/cn=dbserver,cn=hosts?pgconnectinfo?base?(objectclass=*)
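
The processing order described above (stop after a successful lookup, continue when the LDAP server cannot be contacted, fail on a syntactically incorrect line) can be modelled in a few lines of Python. This is an added example, not libpq code: parse_ldap_url, set_option, resolve_stanza, fake_lookup and unreachable are hypothetical names, the lookup results are constructed, and the rule that a keyword already set is not overwritten is an assumption of the model.

```python
def parse_ldap_url(url):
    """Split ldap://[hostname[:port]]/search_base?attribute?search_scope?filter."""
    if not url.startswith("ldap://"):
        raise ValueError("not an LDAP URL")
    hostport, slash, rest = url[len("ldap://"):].partition("/")
    parts = rest.split("?")
    if not slash or len(parts) != 4 or not all(parts):
        raise ValueError("expected search_base?attribute?search_scope?filter")
    host, _, port = hostport.partition(":")
    # Empty hostname is treated as localhost; port defaults to 389.
    return {"host": host or "localhost", "port": int(port or 389),
            "base": parts[0], "attribute": parts[1],
            "scope": parts[2], "filter": parts[3]}

def set_option(opts, pair, lineno):
    """Store one keyword = value pair; anything else is a syntax error."""
    key, eq, val = pair.partition("=")
    if not eq or not key.strip():
        raise ValueError(f"line {lineno}: syntax error: {pair!r}")
    opts.setdefault(key.strip(), val.strip())  # assumption: first value wins

def resolve_stanza(lines, lookup):
    """Process the body of one stanza top to bottom.
    lookup(url_parts) stands in for the LDAP query: it returns the attribute
    values, or raises ConnectionError if the server cannot be contacted."""
    opts = {}
    for n, line in enumerate(lines, 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if not line.startswith("ldap://"):
            set_option(opts, line, n)
            continue
        try:
            values = lookup(parse_ldap_url(line))
        except ConnectionError:
            continue              # unreachable server: fall through to next line
        for value in values:      # every returned value must be keyword = value
            set_option(opts, value, n)
        return opts               # a successful lookup ends processing
    return opts

# Constructed sample input: the stanza body from the text and a stub directory.
STANZA = ["dbname=customer", "user=appuser",
          "ldap://ldap.acme.com/cn=dbserver,cn=hosts?pgconnectinfo?base?(objectclass=*)"]
def fake_lookup(parts):
    return ["host=dbserver.mycompany.com", "port=5439"]
def unreachable(parts):
    raise ConnectionError(parts["host"])
```

With the server unreachable, the stanza resolves without host or port and the client would silently use defaults; appending a deliberately invalid line after the LDAP URL turns that case into an error, while a successful lookup never reaches the invalid line.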