BUG #3095: LDAP authentication parsing incorrectly
From | Joey Wang |
---|---|
Subject | BUG #3095: LDAP authentication parsing incorrectly |
Date | |
Msg-id | 200703012148.l21LmYe5089937@wwwmaster.postgresql.org |
Responses | Re: BUG #3095: LDAP authentication parsing incorrectly |
List | pgsql-bugs |

The following bug has been logged online:

Bug reference:      3095
Logged by:          Joey Wang
Email address:      jwang@sentillion.com
PostgreSQL version: 8.2.3
Operating system:   Linux
Description:        LDAP authentication parsing incorrectly
Details:

LDAP authentication parsing has two bugs. When pg_hba.conf contains the line

    host all all 127.0.0.1/24 ldap ldap://ActiveDirectory/dc=domain,dc=com;cn=;,cn=users

we expect the parsing will construct a user DN as

    cn=userid,cn=users,dc=domain,dc=com

But

(1) dc=domain,dc=com is ignored. This is the src code from auth.c:

    .....
    /* ldap, no port number */
    r = sscanf(port->auth_arg,
               "ldap://%127[^/]/%127[^;];%127[^;];%127s",
               server, basedn, prefix, suffix);
    .....
    snprintf(fulluser, sizeof(fulluser), "%s%s%s", prefix, port->user_name, suffix);
    fulluser[sizeof(fulluser) - 1] = '\0';
    r = ldap_simple_bind_s(ldap, fulluser, passwd);

We can see the code did not use basedn.

(2) suffix containing ',' is converted to another character. This bug is caused by the parsing algorithm treating comma as a token separator.
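
Point (1) of the report can be reproduced outside the server with the added example below, which is not code from the original message or from PostgreSQL. The sscanf format, the snprintf format and the auth argument are copied from the report; the helper `build_bind_dn`, its `append_basedn` switch and the buffer sizes are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* The auth argument from the report's pg_hba.conf line (copied from the page). */
#define REPORT_AUTH_ARG "ldap://ActiveDirectory/dc=domain,dc=com;cn=;,cn=users"

/*
 * Hypothetical helper, not a PostgreSQL function. Splits auth_arg with the
 * sscanf format quoted in the report and writes the bind DN into out.
 * append_basedn == 0: prefix + user + suffix, as in the quoted snprintf.
 * append_basedn != 0: additionally appends "," + basedn, which gives the DN
 * the reporter expected. Returns the sscanf field count; out is filled only
 * when all four fields were parsed (a simplification made for this example).
 */
int build_bind_dn(const char *auth_arg, const char *user, int append_basedn,
                  char *out, size_t outlen)
{
    /* 128-byte buffers match the %127 widths; the sizes are assumed. */
    char server[128], basedn[128], prefix[128], suffix[128];
    int r;

    if (outlen == 0)
        return -1;
    out[0] = '\0';
    r = sscanf(auth_arg, "ldap://%127[^/]/%127[^;];%127[^;];%127s",
               server, basedn, prefix, suffix);
    if (r != 4)
        return r;   /* e.g. an empty prefix: %[ must match at least one char */
    if (append_basedn)
        snprintf(out, outlen, "%s%s%s,%s", prefix, user, suffix, basedn);
    else
        snprintf(out, outlen, "%s%s%s", prefix, user, suffix);
    return r;
}

int main(void)
{
    char dn[512];

    build_bind_dn(REPORT_AUTH_ARG, "userid", 0, dn, sizeof(dn));
    printf("as quoted:   %s\n", dn);
    build_bind_dn(REPORT_AUTH_ARG, "userid", 1, dn, sizeof(dn));
    printf("as expected: %s\n", dn);
    return 0;
}
```

Point (2) is not modelled here, because the tokenizing step it refers to is not quoted in the report.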