2 32.18. LDAP Lookup of Connection Parameters #
4 If libpq has been compiled with LDAP support (option --with-ldap for
5 configure) it is possible to retrieve connection options like host or
6 dbname via LDAP from a central server. The advantage is that if the
7 connection parameters for a database change, the connection information
8 doesn't have to be updated on all client machines.
10 LDAP connection parameter lookup uses the connection service file
11 pg_service.conf (see Section 32.17). A line in a pg_service.conf stanza
12 that starts with ldap:// will be recognized as an LDAP URL and an LDAP
13 query will be performed. The result must be a list of keyword = value
14 pairs which will be used to set connection options. The URL must
15 conform to RFC 1959 and be of the form
16 ldap://[hostname[:port]]/search_base?attribute?search_scope?filter
18 where hostname defaults to localhost and port defaults to 389.
20 Processing of pg_service.conf is terminated after a successful LDAP
21 lookup, but is continued if the LDAP server cannot be contacted. This
22 is to provide a fallback with further LDAP URL lines that point to
23 different LDAP servers, classical keyword = value pairs, or default
24 connection options. If you would rather get an error message in this
25 case, add a syntactically incorrect line after the LDAP URL.
27 A sample LDAP entry that has been created with the LDIF file
29 dn:cn=mydatabase,dc=mycompany,dc=com
34 description:host=dbserver.mycompany.com
36 description:dbname=mydb
37 description:user=mydb_user
38 description:sslmode=require
40 might be queried with the following LDAP URL:
41 ldap://ldap.mycompany.com/dc=mycompany,dc=com?description?one?(cn=mydatabase)
43 You can also mix regular service file entries with LDAP lookups. A
44 complete example for a stanza in pg_service.conf would be:
45 # only host and port are stored in LDAP, specify dbname and user explicitly
49 ldap://ldap.acme.com/cn=dbserver,cn=hosts?pgconnectinfo?base?(objectclass=*)
begriffs.com / projects / ai-pg / blob