If libpq has been compiled with LDAP support (option
configure) it is possible to retrieve connection options like
dbname via LDAP from a central server. The advantage is that if the connection parameters for a database change, the connection information doesn't have to be updated on all client machines.
LDAP connection parameter lookup uses the connection service file
pg_service.conf (see Section 34.17). A line in a
pg_service.conf stanza that starts with
ldap:// will be recognized as an LDAP URL and an LDAP query will be performed. The result must be a list of
keyword = value pairs which will be used to set connection options. The URL must conform to RFC 1959 and be of the form
hostname defaults to
port defaults to 389.
pg_service.conf is terminated after a successful LDAP lookup, but is continued if the LDAP server cannot be contacted. This is to provide a fallback with further LDAP URL lines that point to different LDAP servers, classical
keyword = value pairs, or default connection options. If you would rather get an error message in this case, add a syntactically incorrect line after the LDAP URL.
A sample LDAP entry that has been created with the LDIF file
version:1 dn:cn=mydatabase,dc=mycompany,dc=com changetype:add objectclass:top objectclass:device cn:mydatabase description:host=dbserver.mycompany.com description:port=5439 description:dbname=mydb description:user=mydb_user description:sslmode=require
might be queried with the following LDAP URL:
You can also mix regular service file entries with LDAP lookups. A complete example for a stanza in
pg_service.conf would be:
# only host and port are stored in LDAP, specify dbname and user explicitly [customerdb] dbname=customer user=appuser ldap://ldap.acme.com/cn=dbserver,cn=hosts?pgconnectinfo?base?(objectclass=*)
If you see anything in the documentation that is not correct, does not match your experience with the particular feature or requires further clarification, please use this form to report a documentation issue.