I am now in the process of writing a patch against CVS HEAD that
changes fe-connect.c as follows:

- If there is a 'service' option or PGSERVICE is set, AND the
  PGLDAPSERVERS is set to a comma separated list of LDAP server URIs,
  LDAP name resolution cuts in.
- Before pg_service.conf is examined, the LDAP servers are contacted
  in order until a connection can be established.
- The server is queried for an entry whose distinguished name is
  the value of 'service'. A certain attribute is retrieved.
- The resulting string is parsed for options.
- If that fails, pg_service.conf is read as fallback.

I have added a configure option --with-openldap to enable the code.

Does that make sense to you?

Should I try to polish and test the code and submit it as a patch
or is this a lost effort?

Do you have ideas for improvement?
Thank you also for drawing my attention to pg_service.conf - I have
been aware of it.
There are two 'shortcomings':
- It still means that you have to change the config file on every
Well yes. However, you could generate the config file automatically
from another source, either LDAP or something else.
this is definitely the best way of doing it. in fact some folks out
there use similar configurations to manage large scale systems
Having to update configuration files on all clients is always a hassle.
Of course it can be done, but isn't it much nicer to have the client
query a configuration server at connection time?

Laurenz Albe
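
The lookup order proposed in the message above, modelled as an added example that is not part of the original post or of the patch. The function names, the sample directory and the fetch callback standing in for the LDAP query are hypothetical; it assumes that "if that fails" covers an unreachable server list, a missing entry and an unparsable attribute value alike.

```python
import shlex

class ServerUnreachable(Exception):
    """Raised by a fetch function when an LDAP server cannot be contacted."""

def parse_options(text):
    """Parse 'keyword=value ...' into a dict; ValueError if malformed or empty."""
    opts = {}
    for token in shlex.split(text):          # ValueError on unbalanced quotes
        key, sep, value = token.partition("=")
        if not sep or not key:
            raise ValueError(f"not keyword=value: {token!r}")
        opts[key] = value
    if not opts:
        raise ValueError("no options in attribute value")
    return opts

def resolve_service(service, ldap_servers, fetch_attr, read_service_file):
    """Return (source, options), trying LDAP first and the service file last."""
    if service and ldap_servers:
        for uri in filter(None, (u.strip() for u in ldap_servers.split(","))):
            try:
                raw = fetch_attr(uri, service)   # entry whose DN is the service value
            except ServerUnreachable:
                continue                         # next server in the list
            try:
                if raw is not None:
                    return uri, parse_options(raw)
            except ValueError:
                pass                             # unparsable attribute value
            break    # assumption: once a server answered, no other server is asked
    return "pg_service.conf", read_service_file(service)

# Constructed sample data: ldap1 is down, ldap2 holds two entries.
DIRECTORY = {"ldap://ldap2.example": {
    "cn=sales,dc=example": "host=db1.example port=5432 dbname=sales",
    "cn=broken,dc=example": "host db1.example",
}}
SERVICE_FILE = {"cn=broken,dc=example": {"host": "localhost", "dbname": "test"}}

def fake_fetch(uri, dn):
    if uri not in DIRECTORY:
        raise ServerUnreachable(uri)
    return DIRECTORY[uri].get(dn)

def fake_service_file(service):
    return SERVICE_FILE.get(service, {})

SERVERS = "ldap://ldap1.example, ldap://ldap2.example"
```
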
