public inbox for [email protected]
help / color / mirror / Atom feedFrom: Andrew Jackson <[email protected]>
To: pgsql-hackers <[email protected]>
Cc: Roman Khapov <[email protected]>
Cc: [email protected]
Subject: Re: Add ldapservice connection parameter
Date: Sun, 22 Mar 2026 18:38:41 -0500
Message-ID: <CAKK5BkE_+rCKgZz7+VNNfH_Jm1H6=RcHxg8mmojyR8pu-LOh5w@mail.gmail.com> (raw)
In-Reply-To: <CAKK5BkFxWnddC2=mbHpojWnOLe=x3vLftaMUkO3ocJwqZN7Tug@mail.gmail.com>
References: <CAKK5BkFOFGfKJNbTuYBvE0PfpHmW8iZEmdNogaCYqjAOhtNgDg@mail.gmail.com>
<[email protected]>
<CAKK5BkFxWnddC2=mbHpojWnOLe=x3vLftaMUkO3ocJwqZN7Tug@mail.gmail.com>
Hi,
Noticed 1 variable that was unused during non-LDAP builds. Tested
locally and did not see the error/warning. Also some minor cleanup
(comments, definition placement, etc).
Thanks,
Andrew Jackson
On Mon, Jan 12, 2026 at 5:53 PM Andrew Jackson
<[email protected]> wrote:
>
> Steven and Roman, Thank you for the review.
>
> Here is an updated patch that addresses both of these issues.
>
> On Mon, Jan 12, 2026 at 4:06 AM Roman Khapov <[email protected]> wrote:
> >
> > Hi!
> >
> > Thanks for your patch!
> >
> > Adding to the one Steven wrote, I noticed one typo in the patch:
> >
> > @@ -2337,7 +2337,7 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname
> > <term><literal>ldapservice</literal></term>
> > <listitem>
> > <para>
> > - This option specifies an LDAP query that can be used to reference connection paremeters
> > + This option specifies an LDAP query that can be used to reference connection parameters
> > stored in an LDAP server. This functionality is described in more detail in <xref linkend="libpq-ldap"/>.
> > </para>
> >
> > paremeters -> parameters
> >
> > --
> > Best regards,
> > Roman Khapov
Attachments:
[text/x-patch] 0003-Add-ldapservice-connection-parameter.patch (4.6K, 2-0003-Add-ldapservice-connection-parameter.patch)
download | inline diff:
From e429c7f5387466fddcd765eb65f23db21f19e769 Mon Sep 17 00:00:00 2001
From: CommanderKeynes <[email protected]>
Date: Sun, 23 Mar 2025 17:27:32 -0500
Subject: [PATCH] Add ldapservice connection parameter
Currently there exists, only in pg_service.conf, the ability to look
up connection parameters from a centralized LDAP server. This patch
expands the usability of this be allowing it to be specified directly in
a connection string instead of only in a pg_service.conf file.
---
doc/src/sgml/libpq.sgml | 10 ++++++++++
src/interfaces/libpq/fe-connect.c | 14 ++++++++++++++
src/interfaces/libpq/libpq-int.h | 1 +
.../ldap/t/003_ldap_connection_param_lookup.pl | 12 ++++++++++++
4 files changed, 37 insertions(+)
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml
index 7d05938feda..20a48a22c6b 100644
--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
@@ -2333,6 +2333,16 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname
</listitem>
</varlistentry>
+ <varlistentry id="libpq-connect-ldapservice" xreflabel="ldapservice">
+ <term><literal>ldapservice</literal></term>
+ <listitem>
+ <para>
+ This option specifies an LDAP query that can be used to reference connection parameters
+ stored in an LDAP server. This functionality is described in more detail in <xref linkend="libpq-ldap"/>.
+ </para>
+ </listitem>
+ </varlistentry>
+
<varlistentry id="libpq-connect-target-session-attrs" xreflabel="target_session_attrs">
<term><literal>target_session_attrs</literal></term>
<listitem>
diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
index a0d2f749811..7a6caaebd88 100644
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -206,6 +206,10 @@ static const internalPQconninfoOption PQconninfoOptions[] = {
"Database-Service-File", "", 64,
offsetof(struct pg_conn, pgservicefile)},
+ {"ldapservice", "PGLDAPSERVICE", NULL, NULL,
+ "Database-LDAP-Service", "", 20,
+ offsetof(struct pg_conn, pgldapservice)},
+
{"user", "PGUSER", NULL, NULL,
"Database-User", "", 20,
offsetof(struct pg_conn, pguser)},
@@ -5955,12 +5959,22 @@ parseServiceInfo(PQconninfoOption *options, PQExpBuffer errorMessage)
{
const char *service = conninfo_getval(options, "service");
const char *service_fname = conninfo_getval(options, "servicefile");
+#ifdef USE_LDAP
+ const char *ldapservice = conninfo_getval(options, "ldapservice");
+#endif
char serviceFile[MAXPGPATH];
char *env;
bool group_found = false;
int status;
struct stat stat_buf;
+#ifdef USE_LDAP
+ if (ldapservice != NULL)
+ if (strncmp(ldapservice, "ldap", 4) == 0)
+ if (!ldapServiceLookup(ldapservice, options, errorMessage))
+ return 0;
+#endif
+
/*
* We have to special-case the environment variable PGSERVICE here, since
* this is and should be called before inserting environment defaults for
diff --git a/src/interfaces/libpq/libpq-int.h b/src/interfaces/libpq/libpq-int.h
index fb6a7cbf15d..b540d3ac054 100644
--- a/src/interfaces/libpq/libpq-int.h
+++ b/src/interfaces/libpq/libpq-int.h
@@ -392,6 +392,7 @@ struct pg_conn
char *pgservice; /* Postgres service, if any */
char *pgservicefile; /* path to a service file containing
* service(s) */
+ char *pgldapservice; /* Postgres LDAP service, if any */
char *pguser; /* Postgres username and password, if any */
char *pgpass;
char *pgpassfile; /* path to a file containing password(s) */
diff --git a/src/test/ldap/t/003_ldap_connection_param_lookup.pl b/src/test/ldap/t/003_ldap_connection_param_lookup.pl
index 359fc7a998a..6985be65408 100644
--- a/src/test/ldap/t/003_ldap_connection_param_lookup.pl
+++ b/src/test/ldap/t/003_ldap_connection_param_lookup.pl
@@ -196,6 +196,18 @@ local $ENV{PGSERVICEFILE} = "$srvfile_empty";
expected_stdout =>
qr/definition of service "undefined-service" not found/);
+ $dummy_node->connect_ok(
+ "ldapservice=ldap://localhost:$ldap_port/dc=example,dc=net?description?one?(cn=mydatabase)",
+ 'connection with correct "ldapservice" string',
+ sql => "SELECT 'connect2_4'",
+ expected_stdout => qr/connect2_4/);
+
+ $dummy_node->connect_ok(
+ "postgres://?ldapservice=ldap%3A%2F%2Flocalhost%3A$ldap_port%2Fdc%3Dexample%2Cdc%3Dnet%3Fdescription%3Fone%3F%28cn%3Dmydatabase%29",
+ 'connection with correct "ldapservice"',
+ sql => "SELECT 'connect2_5'",
+ expected_stdout => qr/connect2_5/);
+
# Remove default pg_service.conf.
unlink($srvfile_default);
}
--
2.51.2
view thread (10+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected]
Subject: Re: Add ldapservice connection parameter
In-Reply-To: <CAKK5BkE_+rCKgZz7+VNNfH_Jm1H6=RcHxg8mmojyR8pu-LOh5w@mail.gmail.com>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox