On Wed, Aug 2, 2017 at 5:36 AM, Peter Eisentraut
<peter.eisentraut@2ndquadrant.com> wrote:
> On 7/16/17 19:09, Thomas Munro wrote:
>> On Mon, Jul 17, 2017 at 10:26 AM, Thomas Munro
>> <thomas.munro@enterprisedb.com> wrote:
>>> ldap-search-filters-v2.patch
>>
>> Gah, it would help if I could spell "occurrences" correctly. Fixed in
>> the attached.
>
> Please also add the corresponding support for specifying search filters
> in LDAP URLs. See RFC 4516 for the format and
> https://linux.die.net/man/3/ldap_url_parse for the API. You might just
> need to grab LDAPURLDesc.lud_filter and use it.
Good idea. Yes, it seems to be that simple. Here's a version like
that. Here's an example of how it looks in pg_hba.conf:
host all all 127.0.0.1/32 ldap
ldapurl="ldap://localhost/ou=people1,dc=my-domain,dc=com??sub?(cn=%25u)"
Maybe we could choose a better token than %u for user name, since it
has to be escaped when included in a URL like that, but on the other
hand there seems to be wide precedent for %u in other software.
--
Thomas Munro
http://www.enterprisedb.com
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
