author: Peter Eisentraut <peter_e@gmx.net> 2012-12-03 23:29:56 -0500
committer: Peter Eisentraut <peter_e@gmx.net> 2012-12-03 23:31:02 -0500
commit: aa2fec0a18e4d23272c78916ef318078c920611a
tree: d4c4889cd4d21d10731cbe4652a5a3d4a23297ac /doc/src
parent: 26374f2a0fc02b76a91b7565e908dbae99a3b5f9
Add support for LDAP URLs
Allow specifying LDAP authentication parameters as RFC 4516 LDAP URLs.
Diffstat (limited to 'doc/src')
-rw-r--r-- doc/src/sgml/client-auth.sgml | 37
1 files changed, 37 insertions, 0 deletions
diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml
index d053fcebfd0..909c81bd408 100644
--- a/doc/src/sgml/client-auth.sgml
+++ b/doc/src/sgml/client-auth.sgml
@@ -1486,6 +1486,34 @@ omicron bryanh guest1
</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><literal>ldapurl</literal></term>
+ <listitem>
+ <para>
+ An RFC 4516 LDAP URL. This is an alternative way to write most of the
+ other LDAP options in a more compact and standard form. The format is
+<synopsis>
+ldap://[<replaceable>user</replaceable>[:<replaceable>password</replaceable>]@]<replaceable>host</replaceable>[:<replaceable>port</replaceable>]/<replaceable>basedn</replaceable>[?[<replaceable>attribute</replaceable>][?[<replaceable>scope</replaceable>]]]
+</synopsis>
+ <replaceable>scope</replaceable> must be one
+ of <literal>base</literal>, <literal>one</literal>, <literal>sub</literal>,
+ typically the latter. Only one attribute is used, and some other
+ components of standard LDAP URLs such as filters and extensions are
+ not supported.
+ </para>
+
+ <para>
+ To use encrypted LDAP connections, the <literal>ldaptls</literal>
+ option has to be used in addition to <literal>ldapurl</literal>.
+ The <literal>ldaps</literal> URL scheme (direct SSL connection) is not
+ supported.
+ </para>
+
+ <para>
+ LDAP URLs are currently only supported with OpenLDAP, not on Windows.
+ </para>
+ </listitem>
+ </varlistentry>
</variablelist>
</para>
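Review bot: The synopsis in this hunk shows a `[user[:password]@]` component, but RFC 4516 defines no userinfo part in an LDAP URL, and the text never says which existing options these map to (presumably `ldapbinddn` and `ldapbindpasswd`) or whether they are honoured at all; either document the mapping explicitly or drop that component from the synopsis so readers do not embed a bind password in pg_hba.conf expecting it to be used. While adding that, the `ldaptls` paragraph would be clearer if it stated the consequence directly: an `ldapurl` without `ldaptls` binds over a cleartext connection, exactly as the equivalent `ldapserver`-style options do, so the URL form gives no transport protection by itself.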
@@ -1520,6 +1548,15 @@ host ... ldap ldapserver=ldap.example.net ldapbasedn="dc=example, dc=net" ldapse
If that second connection succeeds, the database access is granted.
</para>
+ <para>
+ Here is the same search+bind configuration written as a URL:
+<programlisting>
+host ... ldap lapurl="ldap://ldap.example.net/dc=example,dc=net?uid?sub"
+</programlisting>
+ Some other software that supports authentication against LDAP uses the
+ same URL format, so it will be easier to share the configuration.
+ </para>
+
<tip>
<para>
Since LDAP often uses commas and spaces to separate the different
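Review bot: The example in this hunk misspells the option: `host ... ldap lapurl="ldap://ldap.example.net/dc=example,dc=net?uid?sub"` should read `ldapurl=`, as the option is named in the previous hunk; as written, the example would be rejected when pg_hba.conf is loaded. The closing sentence ("so it will be easier to share the configuration") could also say what is actually shared, for instance that the same URL string can be pasted into other LDAP-aware software's configuration, rather than leaving the benefit implicit.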