Allow LDAP lookups from pg_service.conf.

Albe Laurenz

Allow LDAP lookups from pg_service.conf.
Albe Laurenz
43c79378 · Bruce Momjian · b517e653 · 43c79378 · 43c79378 · 43c79378
Commit 43c79378 authored Jul 27, 2006 by Bruce Momjian
5 changed files
--- a/configure
+++ b/configure
@@ -17314,6 +17314,91 @@ _ACEOF
 fi
+# this will link libpq against libldap_r
+if test "$with_ldap" = yes ; then
+  if test "$PORTNAME" != "win32"; then
+echo "$as_me:$LINENO: checking for ldap_simple_bind in -lldap_r" >&5
+echo $ECHO_N "checking for ldap_simple_bind in -lldap_r... $ECHO_C" >&6
+if test "${ac_cv_lib_ldap_r_ldap_simple_bind+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lldap_r  $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char ldap_simple_bind ();
+int
+main ()
+{
+ldap_simple_bind ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_lib_ldap_r_ldap_simple_bind=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+ac_cv_lib_ldap_r_ldap_simple_bind=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_ldap_r_ldap_simple_bind" >&5
+echo "${ECHO_T}$ac_cv_lib_ldap_r_ldap_simple_bind" >&6
+if test $ac_cv_lib_ldap_r_ldap_simple_bind = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBLDAP_R 1
+_ACEOF
+  LIBS="-lldap_r $LIBS"
+else
+  { { echo "$as_me:$LINENO: error: library 'ldap_r' is required for LDAP" >&5
+echo "$as_me: error: library 'ldap_r' is required for LDAP" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+    PTHREAD_LIBS="$PTHREAD_LIBS -lldap_r"
+  fi
+fi
 CFLAGS="$_CFLAGS"
 LIBS="$_LIBS"

--- a/configure.in
+++ b/configure.in
 dnl Process this file with autoconf to produce a configure script.
-dnl $PostgreSQL: pgsql/configure.in,v 1.469 2006/07/24 16:32:44 petere Exp $
+dnl $PostgreSQL: pgsql/configure.in,v 1.470 2006/07/27 13:20:24 momjian Exp $
 dnl
 dnl Developers, please strive to achieve this order:
 dnl
@@ -1106,6 +1106,14 @@ AC_CHECK_FUNCS([strerror_r getpwuid_r gethostbyname_r])
 PGAC_FUNC_GETPWUID_R_5ARG
 PGAC_FUNC_STRERROR_R_INT
+# this will link libpq against libldap_r
+if test "$with_ldap" = yes ; then
+  if test "$PORTNAME" != "win32"; then
+    AC_CHECK_LIB(ldap_r,    ldap_simple_bind, [], [AC_MSG_ERROR([library 'ldap_r' is required for LDAP])])
+    PTHREAD_LIBS="$PTHREAD_LIBS -lldap_r"
+  fi
+fi
 CFLAGS="$_CFLAGS"
 LIBS="$_LIBS"

--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
-<!-- $PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.213 2006/07/04 13:22:15 momjian Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.214 2006/07/27 13:20:24 momjian Exp $ -->
 <chapter id="libpq">
  <title><application>libpq</application> - C Library</title>
@@ -4126,6 +4126,72 @@ installs too. The file's location can also be specified by the
 </sect1>
+<sect1 id="libpq-ldap">
+ <title>LDAP Lookup of Connection Parameters</title>
+<indexterm zone="libpq-ldap">
+ <primary>LDAP connection parameter lookup</primary>
+</indexterm>
+<para>
+If <application>libpq</application> has been compiled with LDAP support (option
+<literal><option>--with-ldap</option></literal> for <command>configure</command>)
+it is possible to retrieve connection options like <literal>host</literal>
+or <literal>dbname</literal> via LDAP from a central server.
+The advantage is that if the connection parameters for a database change,
+the connection information doesn't have to be updated on all client machines.
+</para>
+<para>
+LDAP connection parameter lookup uses the connection service file
+<filename>pg_service.conf</filename> (see <xref linkend="libpq-pgservice">).
+A line in a <filename>pg_service.conf</filename> stanza that starts with
+<literal>ldap://</literal> will be recognized as an LDAP URL and an LDAP
+query will be performed. The result must be a list of <literal>keyword =
+value</literal> pairs which will be used to set connection options.
+The URL must conform to RFC 1959 and be of the form
+<synopsis>
+ldap://[<replaceable>hostname</replaceable>[:<replaceable>port</replaceable>]]/<replaceable>search_base</replaceable>?<replaceable>attribute</replaceable>?<replaceable>search_scope</replaceable>?<replaceable>filter</replaceable>
+</synopsis>
+where <replaceable>hostname</replaceable>
+defaults to <literal>localhost</literal> and
+<replaceable>port</replaceable> defaults to 389.
+</para>
+<para>
+Processing of <filename>pg_service.conf</filename> is terminated after
+a successful LDAP lookup, but is continued if the LDAP server cannot be
+contacted.  This is to provide a fallback with
+further LDAP URL lines that point to different LDAP
+servers, classical <literal>keyword = value</literal> pairs, or
+default connection options.
+If you would rather get an error message in this case, add a
+syntactically incorrect line after the LDAP URL.
+</para>
+<para>
+A sample LDAP entry that has been created with the LDIF file
+<synopsis>
+version:1
+dn:cn=mydatabase,dc=mycompany,dc=com
+changetype:add
+objectclass:top
+objectclass:groupOfUniqueNames
+cn:mydatabase
+uniqueMember:host=dbserver.mycompany.com
+uniqueMember:port=5439
+uniqueMember:dbname=mydb
+uniqueMember:user=mydb_user
+uniqueMember:sslmode=require
+</synopsis>
+might be queried with the following LDAP URL:
+<synopsis>
+ldap://ldap.mycompany.com/dc=mycompany,dc=com?uniqueMember?one?(cn=mydatabase)
+</synopsis>
+</para>
+</sect1>
 <sect1 id="libpq-ssl">
 <title>SSL Support</title>

--- a/src/interfaces/libpq/Makefile
+++ b/src/interfaces/libpq/Makefile
@@ -5,7 +5,7 @@
 # Portions Copyright (c) 1996-2006, PostgreSQL Global Development Group
 # Portions Copyright (c) 1994, Regents of the University of California
 #
-# $PostgreSQL: pgsql/src/interfaces/libpq/Makefile,v 1.146 2006/07/18 22:18:08 momjian Exp $
+# $PostgreSQL: pgsql/src/interfaces/libpq/Makefile,v 1.147 2006/07/27 13:20:24 momjian Exp $
 #
 #-------------------------------------------------------------------------
@@ -62,7 +62,7 @@ else
 SHLIB_LINK += $(filter -lcrypt -ldes -lcom_err -lcrypto -lk5crypto -lkrb5 -lssl -lsocket -lnsl -lresolv -lintl $(PTHREAD_LIBS), $(LIBS))
 endif
 ifeq ($(PORTNAME), win32)
-SHLIB_LINK += -lshfolder -lwsock32 -lws2_32 $(filter -leay32 -lssleay32 -lcomerr32 -lkrb5_32, $(LIBS))
+SHLIB_LINK += -lshfolder -lwsock32 -lws2_32 $(filter -leay32 -lssleay32 -lcomerr32 -lkrb5_32 -lwldap32, $(LIBS))
 endif

--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c