Re: [GENERAL] LDAP service lookup - Mailing list pgsql-hackers
| From | Dawid Kuroczko |
|---|---|
| Subject | Re: [GENERAL] LDAP service lookup |
| Date | |
| Msg-id | 758d5e7f0708271601m145a9a2bve82f3ab665a39834@mail.gmail.com Whole thread Raw |
| In response to | Re: [GENERAL] LDAP service lookup ("Albe Laurenz" <all@adv.magwien.gv.at>) |
| List | pgsql-hackers |
On 8/27/07, Albe Laurenz <all@adv.magwien.gv.at> wrote:
> Dawid Kuroczko wrote:
> >>> Then again, apart from libpq I don't see it mentioned anywhere.
> [...]
> > Looking at the 8.3devel documentation...
> >
> > I think it should be mentioned in 18. Server Configuration. probably
> > somewhere in 18.3 Connections and Authentication, that there is
> > a possibility of using Service names instead of traditional connect
> > strings -- and a link pointing to libpq-ldap documentation.
> > This would make people much less likely to miss this point, especially
> > if they don't plan to code in libpq C library. :-)
> The server config options are not a good place.
Which I do know, but it's just "if it were there, I would have spotted it
much earlier" sort of argument.
Incidentally, this is a question for people who have access to www
access logs. Which sections of documentation have highest "hit rate"?
My guess would be: Server Configuration and SQL Reference, but it
would be interesting to see one.
> But it could be mentioned in the 'psql' man page, under
> 'Connection to a database':
>
> $ psql "service=myservice sslmode=require"
I think it defenately should.
> If there are no objections, I'd create a documentation patch for this.
>
> > And, while not belonging to PostgreSQL documentation, but defenately
> > belonging iin techdocs, whould be a step-by-step guide of setting up
> > pg_services in OID and other LDAP servers. Funny thing, I think I'll
> > be looking at putting pg_services in OID as well.
>
> Hmm, a tutorial for configuring LDAP servers would be quite off topic.
> I think that the examples in Section 30.15 are sufficient for somebody
> who is familiar with LDAP.
I have been playing with it for a few moments now. i think there should
be mentioned in the documentation that pg_service.conf can also
contain static "service definitions", and it also would be valuable to
add into pg_service.conf.sample an example ldap:// stanza, so if
person opens the file, she will be enlightened.
And a missing feature. Or rather treat it as feature request. :-)
A "wildcard entry". I would like to set my environment that,
on each client I would put pg_service.conf having two and only
two LDAP servers in it (second one for failover. I think the entry
might look like:
### wildcard entry:
[%] # or [*] ?
ldap://ldap1.mycompany.com/dc=mycompany,dc=com?uniqueMember?one?(cn=%s)
ldap://ldap2.mycompany.com/dc=mycompany,dc=com?uniqueMember?one?(cn=%s)
Which, when given:
psql "service = foobarbaz"
..would query ...?(cn=foobarbaz)
Deploying a new database would be as simple as adding it into LDAP.
Regards,
Dawid
pgsql-hackers by date: