Re: BUG #16399: Ldap authentication bug
From | Thomas Munro |
---|---|
Subject | Re: BUG #16399: Ldap authentication bug |
Date | |
Msg-id | CA+hUKGKCfB5hxbdNv4LDwWD-9TXg4nmGgWX2mchsUjkJLmfefA@mail.gmail.com |
In reply to | BUG #16399: Ldap authentication bug (PG Bug reporting form <noreply@postgresql.org>) |
List | pgsql-bugs |
On Wed, Apr 29, 2020 at 12:22 PM PG Bug reporting form <noreply@postgresql.org> wrote:
> The following bug has been logged on the website:
>
> Bug reference: 16399
> Logged by: Ciaran
> Email address: ciaranrh@gmail.com
> PostgreSQL version: 10.12
> Operating system: Windows Server 2012
> Description:
>
> Hello,
>
> Follow the documentation here:
> https://www.postgresql.org/docs/10/auth-methods.html#AUTH-LDAP I'm
> attempting to enable LDAP authentication on my postgres database.
>
> The relevant line for my testing this in my pg_hba.conf file is as
> follows:
> host all ciaranh 0.0.0.0/0 ldap
> ldapurl="ldap://<DC>/OU=IT,DC=CNFLTD,DC=COM?sAMAccountName?one"
> #ldapbinddn="CN=Postgres Bind, OU=Service Accounts, DC=CNFLTD, DC=COM"
> ldapbindpasswd="cnfP@ssw0rd"
>
> I receive the following error when trying to start the postgres service:
> 2020-04-28 16:00:02.619 PDT [4704] LOG: authentication method "ldap"
> requires argument "ldapserver" to be set
> 2020-04-28 16:00:02.619 PDT [4704] CONTEXT: line 79 of configuration file
> "C:/Program Files/PostgreSQL/10/data/pg_hba.conf"
> 2020-04-28 16:00:02.619 PDT [4704] FATAL: could not load pg_hba.conf
>
> I do not understand why the ldapserver need be set if it's specified in the
> ldapurl field, this seems like a bug to me.

Huh. I'm surprised you don't get the error "LDAP URLs not supported on this platform"[1], since you're on Windows. Our documentation says that we don't support LDAP URLs on Windows (patches welcome); it's possible that the error checking for that is somehow wrong.

I haven't heard of this myself, but if your build is somehow using OpenLDAP instead of Win32 LDAP then I suppose it should just work (though I'm not entirely sure if there are other places in the code that assume that Windows must be using Win32 LDAP). That would imply that ldap_url_parse() succeeded but set urldata->lud_host to NULL for your input string. Not sure why; when I tried passing that exact URL to my local ldap_url_parse() it gives back the string "<DC>". I don't expect that to actually work (perhaps Windows LDAP understands "<DC>" here, but I don't think OpenLDAP does) but that's another problem.

[1] https://github.com/postgres/postgres/blob/REL_10_STABLE/src/backend/libpq/hba.c#L1746
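
The condition hypothesized in the reply above (an LDAP URL that parses successfully but yields no host, so that "ldapserver" stays unset) can be reproduced with a small stand-alone parser. This is an added example, not PostgreSQL or OpenLDAP code and not part of the original message; `parse_ldap_url` and `check_ldapurl` are hypothetical names, and treating an empty host as the trigger for the logged error is an assumption taken from the reply.

```python
from urllib.parse import unquote

# Error text copied from the server log quoted in the report.
MISSING_SERVER = 'authentication method "ldap" requires argument "ldapserver" to be set'


def parse_ldap_url(url):
    """Split scheme://host[:port]/dn?attributes?scope?filter (RFC 4516 layout)."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme.lower() not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    hostport, _, tail = rest.partition("/")
    if hostport.startswith("["):              # bracketed IPv6 literal
        host, _, port = hostport[1:].partition("]")
        port = port.lstrip(":")
    else:
        host, _, port = hostport.partition(":")
    if port and not port.isdigit():
        raise ValueError("bad port in %r" % url)
    dn, attrs, scope, filt = (tail.split("?") + [""] * 4)[:4]
    scope = scope.lower() or "base"           # RFC 4516 default scope
    if scope not in ("base", "one", "sub"):
        raise ValueError("bad scope %r" % scope)
    return {
        "host": unquote(host) or None,        # None models lud_host == NULL
        "port": int(port) if port else None,
        "basedn": unquote(dn),
        "attrs": [unquote(a) for a in attrs.split(",") if a],
        "scope": scope,
        "filter": unquote(filt) or None,
    }


def check_ldapurl(url):
    """Hypothetical helper: the startup error an empty host would cause, else None."""
    return MISSING_SERVER if parse_ldap_url(url)["host"] is None else None


if __name__ == "__main__":
    reported = "ldap://<DC>/OU=IT,DC=CNFLTD,DC=COM?sAMAccountName?one"  # URL from the report
    no_host = "ldap:///OU=IT,DC=CNFLTD,DC=COM?sAMAccountName?one"       # constructed variant
    for u in (reported, no_host):
        print(u, "->", parse_ldap_url(u), check_ldapurl(u))
```

With the URL from the report the host field comes back as the literal string "<DC>", matching what the reply observed locally; only the constructed host-less variant produces the "ldapserver" error.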