Re: LDAP authentication fails with concurrent create extensions

From: Greg k <gregg(dot)kay(at)gmail(dot)com>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: "pgsql-bugs(at)lists(dot)postgresql(dot)org" <pgsql-bugs(at)lists(dot)postgresql(dot)org>
Subject: Re: LDAP authentication fails with concurrent create extensions
Date: 2018-04-20 01:43:34
Message-ID: CAC5zpv3CY0y5okrgeBF=Sqxfi-yOO_LWiVr-rHPn6_4cGzb8Dw@mail.gmail.com
Lists: pgsql-bugs

Hi Stephen,

Do I need to raise this as an issue or bug?

Thanks,
Greg

On Tue, 10 Apr 2018 at 21:31 Stephen Frost <sfrost(at)snowman(dot)net> wrote:

> Greetings,
>
> * Greg k (gregg(dot)kay(at)gmail(dot)com) wrote:
> > We are using postgresql 10.3 on Centos 7.2 with LDAP authentication (samba4
> > with AD domain controller). We've recently moved to LDAP authentication and
> > are now encountering a problem where some concurrent connections that
> > create extensions in different databases at the same time are failing with
> > a "Can't contact LDAP server" error. The postgres error log contains:
>
> You really shouldn't be using LDAP in an AD environment for
> authentication- configure and use Kerberos instead, which is much more
> secure than having cleartext passwords seen by the PG server and then
> proxied to the LDAP server.
>
> That said, there does appear to be an issue here, thanks for creating a
> test case.
>
> Stephen
>
