32.18. LDAP Lookup of Connection Parameters
If
libpq
has been compiled with LDAP support (option
for
--with-ldap
configure
)
it is possible to retrieve connection options like
host
or
dbname
via LDAP from a central server.
The advantage is that if the connection parameters for a database change,
the connection information doesn't have to be updated on all client machines.
LDAP connection parameter lookup uses the connection service file
pg_service.conf
(see
Section 32.17
). A line in a
pg_service.conf
stanza that starts with
ldap://
will be recognized as an LDAP URL and an
LDAP query will be performed. The result must be a list of
keyword = value
pairs which will be used to set
connection options. The URL must conform to
RFC 1959
and be of the form
ldap://[hostname[:port]]/search_base?attribute?search_scope?filter
where
hostname
defaults to
localhost
and
port
defaults to 389.
Processing of
pg_service.conf
is terminated after
a successful LDAP lookup, but is continued if the LDAP server cannot
be contacted. This is to provide a fallback with further LDAP URL
lines that point to different LDAP servers, classical
keyword
= value
pairs, or default connection options. If you would
rather get an error message in this case, add a syntactically incorrect
line after the LDAP URL.
A sample LDAP entry that has been created with the LDIF file
version:1 dn:cn=mydatabase,dc=mycompany,dc=com changetype:add objectclass:top objectclass:device cn:mydatabase description:host=dbserver.mycompany.com description:port=5439 description:dbname=mydb description:user=mydb_user description:sslmode=require
might be queried with the following LDAP URL:
ldap://ldap.mycompany.com/dc=mycompany,dc=com?description?one?(cn=mydatabase)
You can also mix regular service file entries with LDAP lookups.
A complete example for a stanza in
pg_service.conf
would be:
# only host and port are stored in LDAP, specify dbname and user explicitly [customerdb] dbname=customer user=appuser ldap://ldap.acme.com/cn=dbserver,cn=hosts?pgconnectinfo?base?(objectclass=*)