PostgreSQL
33.17. LDAP Lookup of Connection Parameters
If libpq has been compiled with LDAP support (option `--with-ldap` for `configure`) it is possible to retrieve connection options like `host` or `dbname` via LDAP from a central server. The advantage is that if the connection parameters for a database change, the connection information doesn't have to be updated on all client machines.
LDAP connection parameter lookup uses the connection service file `pg_service.conf` (see Section 33.16). A line in a `pg_service.conf` stanza that starts with `ldap://` will be recognized as an LDAP URL and an LDAP query will be performed. The result must be a list of `keyword = value` pairs which will be used to set connection options. The URL must conform to RFC 1959 and be of the form
ldap://[hostname[:port]]/search_base?attribute?search_scope?filter
where `hostname` defaults to `localhost` and `port` defaults to 389.
Processing of `pg_service.conf` is terminated after a successful LDAP lookup, but is continued if the LDAP server cannot be contacted. This is to provide a fallback with further LDAP URL lines that point to different LDAP servers, classical `keyword = value` pairs, or default connection options. If you would rather get an error message in this case, add a syntactically incorrect line after the LDAP URL.
A sample LDAP entry that has been created with the LDIF file
version:1
dn:cn=mydatabase,dc=mycompany,dc=com
changetype:add
objectclass:top
objectclass:device
cn:mydatabase
description:host=dbserver.mycompany.com
description:port=5439
description:dbname=mydb
description:user=mydb_user
description:sslmode=require
might be queried with the following LDAP URL:
ldap://ldap.mycompany.com/dc=mycompany,dc=com?description?one?(cn=mydatabase)
You can also mix regular service file entries with LDAP lookups. A complete example for a stanza in `pg_service.conf` would be:
# only host and port are stored in LDAP, specify dbname and user explicitly
[customerdb]
dbname=customer
user=appuser
ldap://ldap.acme.com/cn=dbserver,cn=hosts?pgconnectinfo?base?(objectclass=*)
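The processing rules described above, modelled in Python as an added example (not PostgreSQL's own code): it shows what a stanza resolves to when the LDAP server answers, when it cannot be contacted, and when a deliberately invalid line follows the LDAP URL. The `lookup` callback, the `fallback.example.com` host and the `stop-if-ldap-unreachable` line are hypothetical, and keeping the first value seen for a keyword is an assumption of this example.

```python
import re

# URL form given above: ldap://[hostname[:port]]/search_base?attribute?search_scope?filter
LDAP_URL = re.compile(
    r"^ldap://(?P<host>[^/:]*)(?::(?P<port>\d+))?/(?P<base>[^?]*)"
    r"\?(?P<attr>[^?]*)\?(?P<scope>[^?]*)\?(?P<filter>.+)$")

def parse_ldap_url(line):
    """Split an LDAP URL line into its parts, applying the documented defaults."""
    m = LDAP_URL.match(line.strip())
    if m is None:
        raise ValueError("not a valid LDAP URL line: %r" % line)
    parts = m.groupdict()
    parts["host"] = parts["host"] or "localhost"   # hostname defaults to localhost
    parts["port"] = int(parts["port"] or 389)      # port defaults to 389
    return parts

def resolve(stanza_lines, lookup):
    """Return the connection options that one stanza yields."""
    # lookup(parts) is a hypothetical stand-in for the LDAP query: it returns
    # the "keyword = value" strings, or None if the server cannot be contacted.
    opts = {}
    def take(pair):
        key, _, value = pair.partition("=")
        opts.setdefault(key.strip(), value.strip())  # assumption: first value wins
    for raw in stanza_lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("ldap://"):
            values = lookup(parse_ldap_url(line))
            if values is None:
                continue          # unreachable server: keep reading the stanza
            for pair in values:
                take(pair)
            return opts           # a successful lookup ends processing
        if "=" not in line:
            raise ValueError("syntax error in service file: %r" % line)
        take(line)
    return opts

# Constructed input: the [customerdb] entries above plus a fallback host line.
STANZA = ["dbname=customer", "user=appuser",
          "ldap://ldap.acme.com/cn=dbserver,cn=hosts?pgconnectinfo?base?(objectclass=*)",
          "host=fallback.example.com"]
# Same entries, with an invalid last line in place of the fallback.
STRICT = STANZA[:3] + ["stop-if-ldap-unreachable"]
```

With `STANZA`, an unreachable LDAP server silently yields the fallback host; with `STRICT`, the same outage raises an error, and a successful lookup never reaches the invalid line.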
Copyright © 1996-2023 The PostgreSQL Global Development Group