BUG #13625: LDAP connections via UNIX sockets
From | rysiek@hackerspace.pl |
---|---|
Subject | BUG #13625: LDAP connections via UNIX sockets |
Date | |
Msg-id | 20150920023754.313.74771@wrigleys.postgresql.org |
List | pgsql-bugs |
The following bug has been logged on the website:

Bug reference: 13625
Logged by: rysiek
Email address: rysiek@hackerspace.pl
PostgreSQL version: 9.4.4
Operating system: Debian GNU/Linux
Description:

PostgreSQL does not seem to support LDAP connections via UNIX sockets, due to the use of the deprecated function `ldap_init()`.

The documentation contains ample information on connecting to LDAP:
http://www.postgresql.org/docs/9.4/static/auth-methods.html#AUTH-LDAP

However, there seems to be no way of providing a UNIX socket path for the connection. Combinations tried:

    ldapurl="ldap:///var/run/slapd/ldapi/dc=example,dc=com?cn"
    ldapurl="ldap://%2fvar%2frun%2fslapd%2fldapi/dc=example,dc=com?cn"
    ldapurl="ldap://%x2fvar%x2frun%x2fslapd%x2fldapi/dc=example,dc=com?cn"
    ldapurl="ldapi:///var/run/slapd/ldapi/dc=example,dc=com?cn"
    ldapurl="ldapi://%2fvar%2frun%2fslapd%2fldapi/dc=example,dc=com?cn"
    ldapurl="ldapi://%x2fvar%x2frun%x2fslapd%x2fldapi/dc=example,dc=com?cn"
    ldapserver="/var/run/slapd/ldapi"
    ldapserver="%2fvar%2frun%2fslapd%2fldapi"
    ldapserver="%x2fvar%x2frun%x2fslapd%x2fldapi"
    ldapserver="ldapi:///var/run/slapd/ldapi"
    ldapserver="ldapi://%2fvar%2frun%2fslapd%2fldapi"
    ldapserver="ldapi://%x2fvar%x2frun%x2fslapd%x2fldapi"

Some of these cause PostgreSQL not to start at all, either with exit code 1 or 139; some fail when authentication is required, either with
"LOG: could not initialize LDAP: No such file or directory"
or
"LOG: could not perform initial LDAP bind for ldapbinddn "(null)" on server "/var/run/slapd/ldapi": Can't contact LDAP server"

The socket does exist and the `ldapsearch` utility successfully connects and retrieves data from the LDAP server.

PostgreSQL uses the `ldap_init()` function in its code:
http://git.postgresql.org/gitweb/?p=postgresql.git&a=search&h=HEAD&st=grep&s=ldap_init

This function is, however, deprecated:
http://www.openldap.org/software//man.cgi?query=ldap_init&sektion=3&apropos=0&manpath=OpenLDAP+2.4-Release

"At this time, ldap_open() and ldap_init() are deprecated in favor of ldap_initialize(), essentially because the latter allows to specify a schema in the URI and it explicitly returns an error code."

Switching to `ldap_initialize()` would not only mean that a deprecated function is not used anymore, but would also allow PostgreSQL to utilize UNIX socket LDAP connections.

--
Regards,
Michał "rysiek" Woźniak
http://rys.io/
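The report turns on `ldap_initialize()` taking a URI, and OpenLDAP's `ldapi://` scheme carries the socket path percent-encoded in the host position. The following is an added example, not part of the original message or of PostgreSQL's source; the helper name `ldapi_uri_from_socket_path` is hypothetical. It builds that URI for the socket path named in the report.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/*
 * Build an ldapi:// URI from a UNIX socket path (hypothetical helper).
 * Every byte outside the RFC 3986 "unreserved" set is percent-encoded, so
 * "/" becomes "%2F" and the path cannot be mistaken for the URL's DN part.
 * Returns 0 on success, -1 on bad input or if the buffer is too small.
 */
int ldapi_uri_from_socket_path(const char *path, char *out, size_t outlen)
{
    static const char scheme[] = "ldapi://";
    static const char hex[] = "0123456789ABCDEF";
    size_t n = sizeof(scheme) - 1;

    if (path == NULL || out == NULL || path[0] != '/')
        return -1;              /* require an absolute socket path */
    if (outlen <= n)
        return -1;
    memcpy(out, scheme, n);

    for (const unsigned char *p = (const unsigned char *) path; *p; p++) {
        int unreserved = isalnum(*p) || strchr("-._~", *p) != NULL;
        size_t need = unreserved ? 1 : 3;
        if (n + need >= outlen)
            return -1;          /* keep room for the terminating NUL */
        if (unreserved) {
            out[n++] = (char) *p;
        } else {
            out[n++] = '%';
            out[n++] = hex[*p >> 4];
            out[n++] = hex[*p & 0x0F];
        }
    }
    out[n] = '\0';
    return 0;
}

int main(void)
{
    char uri[256];
    /* Socket path taken from the report above. */
    if (ldapi_uri_from_socket_path("/var/run/slapd/ldapi", uri, sizeof(uri)) != 0)
        return 1;
    /* With libldap, this string is what ldap_initialize(&ld, uri) would receive. */
    puts(uri);
    return 0;
}
```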