Thread: LDAP Authentication with spaces in DN

LDAP Authentication with spaces in DN

From
César Miguel Oliveira Alves
Date:
I’m trying to configure LDAP authentication. Added a line to pg_hba.conf with the following config:

host    all         all         127.0.0.1/32          ldap  "ldap://ldapserver:389/o=My Organization,C=PT;cn=;,o=My Organization,C=PT"

When I try to authenticate I get a fatal error line in pg_log like this:

LOG:  LDAP login failed for user "cn =user1,o=My" on server "ldapserver": error code 49
FATAL:  LDAP authentication failed for user "user1"

Re: LDAP Authentication with spaces in DN

From
César Miguel Oliveira Alves
Date:
Digging into postgres sources found the problem. File auth.c in line 1376 does some ldap configuration parse using sscanf with the mask “ldap://%127[^:]:%d/%127[^;];%127[^;];%127s”. The sscanf function reads until it finds a blank space, tab or new line, so if the string contains any blank space after the last ‘:’ everything else is ignored!

PS: I’m using postgres 8.3.0

Re: LDAP Authentication with spaces in DN

From
Tom Lane
Date:
César Miguel Oliveira Alves <calves@caso.pt> writes:
> Digging into postgres sources found the problem. File auth.c in line 1376
> does some ldap configuration parse using sscanf with the mask
> "ldap://%127[^:]:%d/%127[^;];%127[^;];%127s". The sscanf function reads
> until it finds a blank space, tab or new line, so if the string contains any
> blank space after the last ':' everything else is ignored!

Fixed, thanks for the report!
        regards, tom lane
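
The truncation diagnosed in this thread, reproduced as an added example (not part of the original messages and not PostgreSQL's own code): it runs the quoted sscanf mask over the URL from the first message and builds the bind DN that results. The `%127[^\n]` variant, the struct and the helper names are assumptions for illustration, not the change that was committed.

```c
#include <stdio.h>
#include <string.h>

/* Mask quoted in the thread: the final %127s stops at the first whitespace. */
#define MASK_REPORTED "ldap://%127[^:]:%d/%127[^;];%127[^;];%127s"
/* Assumed alternative (not taken from the PostgreSQL sources): read the
 * last field up to end of line so spaces inside the DN survive. */
#define MASK_ADJUSTED "ldap://%127[^:]:%d/%127[^;];%127[^;];%127[^\n]"

/* Hypothetical container for the five parsed fields. */
struct ldap_cfg {
    char server[128], basedn[128], prefix[128], suffix[128];
    int  port;
};

/* Returns the number of fields sscanf converted (5 when all are present). */
static int parse_ldap_url(const char *mask, const char *url, struct ldap_cfg *c)
{
    memset(c, 0, sizeof(*c));
    return sscanf(url, mask, c->server, &c->port, c->basedn, c->prefix, c->suffix);
}

/* Builds prefix + user + suffix, the DN that would be used for the bind. */
static const char *bind_dn(const char *mask, const char *url, const char *user)
{
    static char dn[512];
    struct ldap_cfg c;

    if (parse_ldap_url(mask, url, &c) != 5)
        return NULL;
    snprintf(dn, sizeof(dn), "%s%s%s", c.prefix, user, c.suffix);
    return dn;
}

/* URL from the pg_hba.conf line in the first message. */
static const char *URL =
    "ldap://ldapserver:389/o=My Organization,C=PT;cn=;,o=My Organization,C=PT";

int main(void)
{
    printf("reported mask: %s\n", bind_dn(MASK_REPORTED, URL, "user1"));
    printf("adjusted mask: %s\n", bind_dn(MASK_ADJUSTED, URL, "user1"));
    return 0;
}
```

With the reported mask sscanf still converts all five fields, so the parse gives no sign of failure; the shortened suffix only shows up later as the failed bind in the log.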