MIME-Version: 1.0
References: <157557861394.25850.9731098233662922606@wrigleys.postgresql.org>
In-Reply-To: <157557861394.25850.9731098233662922606@wrigleys.postgresql.org>
From: Magnus Hagander <magnus@hagander.net>
Date: Fri, 6 Dec 2019 14:16:12 +0100
Message-ID: 
 <CABUevExW1eW9zqdiXUFLnyT1Jqb92rRbpywbcaxHcugvx15iMw@mail.gmail.com>
Subject: Re: Description of Authentication Methods Supported for Map is
 Misleading
To: kevin.j.hutchison@gmail.com, Pg Docs <pgsql-docs@lists.postgresql.org>
Content-Type: multipart/alternative; boundary="0000000000003a605d059908dacd"
Precedence: bulk

--0000000000003a605d059908dacd
Content-Type: text/plain; charset="UTF-8"

On Fri, Dec 6, 2019 at 10:13 AM PG Doc comments form <noreply@postgresql.org>
wrote:

> The following documentation comment has been logged on the website:
>
> Page: https://www.postgresql.org/docs/10/auth-pg-hba-conf.html
> Description:
>
> "This option is supported for all authentication methods that receive
> external user names."
>
> More properly, the authentication methods supported are:  ident, peer,
> gassapi, sspi, and cert.
>
> LDAP is not supported and attempting to use map with LDAP provides the
> following error:
> 'authentication option ""map"" is only valid for authentication methods
> ident, peer, gssapi, sspi, and cert'
>

This is correct. LDAP authentication does not receive external usernames.
It uses an external service to validate the password, but it gets the
username from the client.

-- 
 Magnus Hagander
 Me: https://www.hagander.net/ <http://www.hagander.net/>
 Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>

--0000000000003a605d059908dacd
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr">On Fri, Dec 6, 2019 at 10:13 AM PG Doc co=
mments form &lt;<a href=3D"mailto:noreply@postgresql.org">noreply@postgresq=
l.org</a>&gt; wrote:<br></div><div class=3D"gmail_quote"><blockquote class=
=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rg=
b(204,204,204);padding-left:1ex">The following documentation comment has be=
en logged on the website:<br>
<br>
Page: <a href=3D"https://www.postgresql.org/docs/10/auth-pg-hba-conf.html" =
rel=3D"noreferrer" target=3D"_blank">https://www.postgresql.org/docs/10/aut=
h-pg-hba-conf.html</a><br>
Description:<br>
<br>
&quot;This option is supported for all authentication methods that receive<=
br>
external user names.&quot;<br>
<br>
More properly, the authentication methods supported are:=C2=A0 ident, peer,=
<br>
gassapi, sspi, and cert.=C2=A0 <br>
<br>
LDAP is not supported and attempting to use map with LDAP provides the<br>
following error: <br>
&#39;authentication option &quot;&quot;map&quot;&quot; is only valid for au=
thentication methods<br>
ident, peer, gssapi, sspi, and cert&#39;<br>
</blockquote></div><div><br></div>This is correct. LDAP authentication does=
 not receive external usernames. It uses an external service to validate th=
e password, but it gets the username from the client.<br clear=3D"all"><div=
><br></div>-- <br><div dir=3D"ltr" class=3D"gmail_signature"><div dir=3D"lt=
r"><div>=C2=A0Magnus Hagander<br>=C2=A0Me: <a href=3D"http://www.hagander.n=
et/" target=3D"_blank">https://www.hagander.net/</a><br>=C2=A0Work: <a href=
=3D"http://www.redpill-linpro.com/" target=3D"_blank">https://www.redpill-l=
inpro.com/</a></div></div></div></div>

--0000000000003a605d059908dacd--