Re: BUG #3123: Problem with LDAP auth strings

I have researched this and the incorrect behavior seems to be totally
caused by the fact that unquoted commas are treated as item separators
in pg_hba.conf.

I have updated the documentation in 8.2 and CVS HEAD to indicate that
the LDAP URL should be double-quoted, and double-quoted the example URL
for emphasis.

If double-quoting does not 100% fix your problem, please let us know.
Thanks.

Documentation patch attached.

---------------------------------------------------------------------------

Brian Topping wrote:
>
> The following bug has been logged online:
>
> Bug reference: 3123
> Logged by: Brian Topping
> Email address: topping(at)codehaus(dot)org
> PostgreSQL version: 8.2
> Operating system: Linux
> Description: Problem with LDAP auth strings
> Details:
>
> http://www.mail-archive.com/pgsql-general(at)postgresql(dot)org/msg92652.html
> outlines a bit of it.
>
> The options to the ldap auth method in pg_hba.conf doesn't work properly.
> The dn base is completely ignored, and the suffix has all the commas parsed
> out of it for some reason.
>
> If it were working correctly, the base dn would be concatenated with the
> prefix and the username to create the correct DN to send to the server. The
> suffix should not strictly be necessary.
>
> ---------------------------(end of broadcast)---------------------------
> TIP 6: explain analyze is your friend

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://www.enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +