Thread: Description of Authentication Methods Supported for Map is Misleading

Description of Authentication Methods Supported for Map is Misleading

From

PG Doc comments form

Date:

05 December 2019, 23:43:33

The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/10/auth-pg-hba-conf.html
Description:

"This option is supported for all authentication methods that receive
external user names."

More properly, the authentication methods supported are:  ident, peer,
gassapi, sspi, and cert.  

LDAP is not supported and attempting to use map with LDAP provides the
following error: 
'authentication option ""map"" is only valid for authentication methods
ident, peer, gssapi, sspi, and cert'

Re: Description of Authentication Methods Supported for Map is Misleading

From

Magnus Hagander

Date:

06 December 2019, 16:16:12

On Fri, Dec 6, 2019 at 10:13 AM PG Doc comments form <noreply@postgresql.org> wrote:

The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/10/auth-pg-hba-conf.html
Description:

"This option is supported for all authentication methods that receive
external user names."

More properly, the authentication methods supported are: ident, peer,
gassapi, sspi, and cert.

LDAP is not supported and attempting to use map with LDAP provides the
following error:
'authentication option ""map"" is only valid for authentication methods
ident, peer, gssapi, sspi, and cert'

This is correct. LDAP authentication does not receive external usernames. It uses an external service to validate the password, but it gets the username from the client.

Magnus Hagander
Me: https://www.hagander.net/
Work: https://www.redpill-linpro.com/