public inbox for [email protected]
help / color / mirror / Atom feedAdd ldapservice connection parameter
2+ messages / 2 participants
[nested] [flat]
* Add ldapservice connection parameter
@ 2026-01-12 02:50 Andrew Jackson <[email protected]>
2026-01-12 10:05 ` Re: Add ldapservice connection parameter Roman Khapov <[email protected]>
0 siblings, 1 reply; 2+ messages in thread
From: Andrew Jackson @ 2026-01-12 02:50 UTC (permalink / raw)
To: pgsql-hackers
Currently there exists, only in pg_service.conf, the ability to look
up connection parameters from a centralized LDAP server. This patch
expands the usability of this by allowing it to be specified directly in
a connection string instead of only in a pg_service.conf file.
Attachments:
[text/x-patch] 0001-Add-ldapservice-connection-parameter.patch (4.6K, 2-0001-Add-ldapservice-connection-parameter.patch)
download | inline diff:
From 0f51ee971e8b23c5cd50e48ff6c1e70391d1ad30 Mon Sep 17 00:00:00 2001
From: Andrew Jackson <[email protected]>
Date: Sun, 23 Mar 2025 17:27:32 -0500
Subject: [PATCH] Add ldapservice connection parameter
Currently there exists, only in pg_service.conf, the ability to look
up connection parameters from a centralized LDAP server. This patch
expands the usability of this be allowing it to be specified directly in
a connection string instead of only in a pg_service.conf file.
---
doc/src/sgml/libpq.sgml | 10 ++++++++++
src/interfaces/libpq/fe-connect.c | 12 ++++++++++++
src/interfaces/libpq/libpq-int.h | 1 +
src/test/ldap/t/003_ldap_connection_param_lookup.pl | 12 ++++++++++++
4 files changed, 35 insertions(+)
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml
index 7d05938feda..cf5b132435f 100644
--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
@@ -2333,6 +2333,16 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname
</listitem>
</varlistentry>
+ <varlistentry id="libpq-connect-ldapservice" xreflabel="ldapservice">
+ <term><literal>ldapservice</literal></term>
+ <listitem>
+ <para>
+ This option specifies an LDAP query that can be used to reference connection paremeters
+ stored in an LDAP server. This functionality is described in more detail in <xref linkend="libpq-ldap"/>.
+ </para>
+ </listitem>
+ </varlistentry>
+
<varlistentry id="libpq-connect-target-session-attrs" xreflabel="target_session_attrs">
<term><literal>target_session_attrs</literal></term>
<listitem>
diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
index a0d2f749811..b94a7867f99 100644
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -206,6 +206,10 @@ static const internalPQconninfoOption PQconninfoOptions[] = {
"Database-Service-File", "", 64,
offsetof(struct pg_conn, pgservicefile)},
+ {"ldapservice", "PGLDAPSERVICE", NULL, NULL,
+ "Database-LDAP-Service", "", 20,
+ offsetof(struct pg_conn, pgldapservice)},
+
{"user", "PGUSER", NULL, NULL,
"Database-User", "", 20,
offsetof(struct pg_conn, pguser)},
@@ -5955,6 +5959,7 @@ parseServiceInfo(PQconninfoOption *options, PQExpBuffer errorMessage)
{
const char *service = conninfo_getval(options, "service");
const char *service_fname = conninfo_getval(options, "servicefile");
+ const char *ldapservice = conninfo_getval(options, "ldapservice");
char serviceFile[MAXPGPATH];
char *env;
bool group_found = false;
@@ -5969,6 +5974,13 @@ parseServiceInfo(PQconninfoOption *options, PQExpBuffer errorMessage)
if (service == NULL)
service = getenv("PGSERVICE");
+#ifdef USE_LDAP
+ if (ldapservice != NULL)
+ if (strncmp(ldapservice, "ldap", 4) == 0)
+ if (!ldapServiceLookup(ldapservice, options, errorMessage))
+ return 0;
+#endif
+
/* If no service name given, nothing to do */
if (service == NULL)
return 0;
diff --git a/src/interfaces/libpq/libpq-int.h b/src/interfaces/libpq/libpq-int.h
index fb6a7cbf15d..b540d3ac054 100644
--- a/src/interfaces/libpq/libpq-int.h
+++ b/src/interfaces/libpq/libpq-int.h
@@ -392,6 +392,7 @@ struct pg_conn
char *pgservice; /* Postgres service, if any */
char *pgservicefile; /* path to a service file containing
* service(s) */
+ char *pgldapservice; /* Postgres LDAP service, if any */
char *pguser; /* Postgres username and password, if any */
char *pgpass;
char *pgpassfile; /* path to a file containing password(s) */
diff --git a/src/test/ldap/t/003_ldap_connection_param_lookup.pl b/src/test/ldap/t/003_ldap_connection_param_lookup.pl
index 359fc7a998a..6985be65408 100644
--- a/src/test/ldap/t/003_ldap_connection_param_lookup.pl
+++ b/src/test/ldap/t/003_ldap_connection_param_lookup.pl
@@ -196,6 +196,18 @@ local $ENV{PGSERVICEFILE} = "$srvfile_empty";
expected_stdout =>
qr/definition of service "undefined-service" not found/);
+ $dummy_node->connect_ok(
+ "ldapservice=ldap://localhost:$ldap_port/dc=example,dc=net?description?one?(cn=mydatabase)",
+ 'connection with correct "ldapservice" string',
+ sql => "SELECT 'connect2_4'",
+ expected_stdout => qr/connect2_4/);
+
+ $dummy_node->connect_ok(
+ "postgres://?ldapservice=ldap%3A%2F%2Flocalhost%3A$ldap_port%2Fdc%3Dexample%2Cdc%3Dnet%3Fdescription%3Fone%3F%28cn%3Dmydatabase%29",
+ 'connection with correct "ldapservice"',
+ sql => "SELECT 'connect2_5'",
+ expected_stdout => qr/connect2_5/);
+
# Remove default pg_service.conf.
unlink($srvfile_default);
}
--
2.49.0
^ permalink raw reply [nested|flat] 2+ messages in thread
* Re: Add ldapservice connection parameter
2026-01-12 02:50 Add ldapservice connection parameter Andrew Jackson <[email protected]>
@ 2026-01-12 10:05 ` Roman Khapov <[email protected]>
0 siblings, 0 replies; 2+ messages in thread
From: Roman Khapov @ 2026-01-12 10:05 UTC (permalink / raw)
To: Andrew Jackson <[email protected]>; +Cc: pgsql-hackers
Hi!
Thanks for your patch!
Adding to the one Steven wrote, I noticed one typo in the patch:
@@ -2337,7 +2337,7 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname
<term><literal>ldapservice</literal></term>
<listitem>
<para>
- This option specifies an LDAP query that can be used to reference connection paremeters
+ This option specifies an LDAP query that can be used to reference connection parameters
stored in an LDAP server. This functionality is described in more detail in <xref linkend="libpq-ldap"/>.
</para>
paremeters -> parameters
--
Best regards,
Roman Khapov
^ permalink raw reply [nested|flat] 2+ messages in thread
end of thread, other threads:[~2026-01-12 10:05 UTC | newest]
Thread overview: 2+ messages (download: mbox mbox.gz follow: Atom feed)
-- links below jump to the message on this page --
2026-01-12 02:50 Add ldapservice connection parameter Andrew Jackson <[email protected]>
2026-01-12 10:05 ` Roman Khapov <[email protected]>
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox