BUG #13625: LDAP connections via UNIX sockets

From rysiek@hackerspace.pl
Subject BUG #13625: LDAP connections via UNIX sockets
Msg-id 20150920023754.313.74771@wrigleys.postgresql.org
List pgsql-bugs
The following bug has been logged on the website:

Bug reference:      13625
Logged by:          rysiek
Email address:      rysiek@hackerspace.pl
PostgreSQL version: 9.4.4
Operating system:   Debian GNU/Linux
Description:

PostgreSQL does not seem to support LDAP connections via UNIX sockets, due to
use of deprecated function `ldap_init()`.

The documentation contains ample information on connecting to LDAP:
http://www.postgresql.org/docs/9.4/static/auth-methods.html#AUTH-LDAP

However, there seems to be no way of providing a UNIX socket path for connection.
Combinations tried:
ldapurl="ldap:///var/run/slapd/ldapi/dc=example,dc=com?cn"
ldapurl="ldap://%2fvar%2frun%2fslapd%2fldapi/dc=example,dc=com?cn"
ldapurl="ldap://%x2fvar%x2frun%x2fslapd%x2fldapi/dc=example,dc=com?cn"
ldapurl="ldapi:///var/run/slapd/ldapi/dc=example,dc=com?cn"
ldapurl="ldapi://%2fvar%2frun%2fslapd%2fldapi/dc=example,dc=com?cn"
ldapurl="ldapi://%x2fvar%x2frun%x2fslapd%x2fldapi/dc=example,dc=com?cn"
ldapserver="/var/run/slapd/ldapi"
ldapserver="%2fvar%2frun%2fslapd%2fldapi"
ldapserver="%x2fvar%x2frun%x2fslapd%x2fldapi"
ldapserver="ldapi:///var/run/slapd/ldapi"
ldapserver="ldapi://%2fvar%2frun%2fslapd%2fldapi"
ldapserver="ldapi://%x2fvar%x2frun%x2fslapd%x2fldapi"

Some of these cause PostgreSQL not to start at all, either with exit code 1 or
139; some fail when authentication is required, either with "LOG:  could not
initialize LDAP: No such file or directory" or "LOG:  could not perform
initial LDAP bind for ldapbinddn "(null)" on server "/var/run/slapd/ldapi":
Can't contact LDAP server"

The socket does exist and the `ldapsearch` utility successfully connects and
retrieves data from the LDAP server.

PostgreSQL uses `ldap_init()` function in code;
http://git.postgresql.org/gitweb/?p=postgresql.git&a=search&h=HEAD&st=grep&s=ldap_init

This function is, however, deprecated:
http://www.openldap.org/software//man.cgi?query=ldap_init&sektion=3&apropos=0&manpath=OpenLDAP+2.4-Release

"At this time, ldap_open() and ldap_init() are deprecated in favor of
ldap_initialize(), essentially because the latter allows to specify a schema
in the URI and it explicitly returns an error code."

Switching to `ldap_initialize()` would not only mean that a deprecated function
is not used anymore, but also would allow PostgreSQL to utilize UNIX socket
LDAP connections.

--
Regards,
Michał "rysiek" Woźniak
http://rys.io/
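
As an added illustration of the report above (not part of the original message and not PostgreSQL code): a socket path has to be percent-encoded into the host part of an `ldapi://` URI before `ldap_initialize()` can take it. The helper name `build_ldapi_uri` and the `WITH_LIBLDAP` build macro are hypothetical; the libldap calls are the standard OpenLDAP client API.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Build an ldapi:// URI from a UNIX socket path by percent-encoding every
 * byte that is not an RFC 3986 unreserved character (so '/' becomes %2F).
 * Returns 0 on success, -1 if the path is empty or the buffer is too small. */
int build_ldapi_uri(const char *sock_path, char *out, size_t outlen)
{
    static const char hex[] = "0123456789ABCDEF";
    static const char scheme[] = "ldapi://";
    size_t n = sizeof(scheme) - 1;
    if (sock_path == NULL || *sock_path == '\0' || outlen <= n)
        return -1;
    memcpy(out, scheme, n);
    for (const unsigned char *p = (const unsigned char *)sock_path; *p; p++) {
        if (isalnum(*p) || *p == '-' || *p == '.' || *p == '_' || *p == '~') {
            if (n + 1 >= outlen) return -1;   /* keep room for the NUL */
            out[n++] = (char)*p;
        } else {
            if (n + 3 >= outlen) return -1;
            out[n++] = '%';
            out[n++] = hex[*p >> 4];
            out[n++] = hex[*p & 0x0F];
        }
    }
    out[n] = '\0';
    return 0;
}

/* Optional demo against libldap: cc -DWITH_LIBLDAP example.c -lldap */
#ifdef WITH_LIBLDAP
#include <ldap.h>
int main(void)
{
    char uri[256];
    LDAP *ld = NULL;
    int rc, version = LDAP_VERSION3;
    if (build_ldapi_uri("/var/run/slapd/ldapi", uri, sizeof(uri)) != 0)
        return 1;
    rc = ldap_initialize(&ld, uri);   /* accepts a URI, returns an error code */
    if (rc != LDAP_SUCCESS) {
        fprintf(stderr, "ldap_initialize(%s): %s\n", uri, ldap_err2string(rc));
        return 1;
    }
    ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);
    ldap_unbind_ext_s(ld, NULL, NULL);
    return 0;
}
#endif
```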
