32.18. LDAP Lookup of Connection Parameters

If libpq has been compiled with LDAP support (option --with-ldap for configure) it is possible to retrieve connection options like host or dbname via LDAP from a central server. The advantage is that if the connection parameters for a database change, the connection information doesn't have to be updated on all client machines.

LDAP connection parameter lookup uses the connection service file pg_service.conf (see Section 32.17). A line in a pg_service.conf stanza that starts with ldap:// will be recognized as an LDAP URL and an LDAP query will be performed. The result must be a list of keyword = value pairs which will be used to set connection options. The URL must conform to RFC 1959 and be of the form

    ldap://[hostname[:port]]/search_base?attribute?search_scope?filter

where hostname defaults to localhost and port defaults to 389.

Processing of pg_service.conf is terminated after a successful LDAP lookup, but is continued if the LDAP server cannot be contacted. This is to provide a fallback with further LDAP URL lines that point to different LDAP servers, classical keyword = value pairs, or default connection options. If you would rather get an error message in this case, add a syntactically incorrect line after the LDAP URL.

A sample LDAP entry that has been created with the LDIF file

    version:1
    dn:cn=mydatabase,dc=mycompany,dc=com
    changetype:add
    objectclass:top
    objectclass:device
    cn:mydatabase
    description:host=dbserver.mycompany.com
    description:port=5439
    description:dbname=mydb
    description:user=mydb_user
    description:sslmode=require

might be queried with the following LDAP URL:

    ldap://ldap.mycompany.com/dc=mycompany,dc=com?description?one?(cn=mydatabase)

You can also mix regular service file entries with LDAP lookups. A complete example for a stanza in pg_service.conf would be:

    # only host and port are stored in LDAP, specify dbname and user explicitly
    [customerdb]
    dbname=customer
    user=appuser
    ldap://ldap.acme.com/cn=dbserver,cn=hosts?pgconnectinfo?base?(objectclass=*)
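As an added illustration that is not part of the PostgreSQL documentation or of libpq, the following Python parses an LDAP URL of the documented form (applying the localhost and 389 defaults) and walks a pg_service.conf stanza with the documented rules: a successful lookup ends processing, an unreachable server falls through to later lines, and a syntactically bad line raises an error. The directory is a constructed in-memory stand-in (FAKE_DIRECTORY, fake_ldap_lookup) rather than a real LDAP client.

```python
import re

# Parse a libpq LDAP URL: ldap://[hostname[:port]]/search_base?attribute?search_scope?filter
# Defaults follow the documentation: hostname -> localhost, port -> 389.
def parse_ldap_url(url):
    m = re.fullmatch(r"ldap://([^/:]*)(?::(\d+))?/([^?]*)\?([^?]*)\?([^?]*)\?(.*)", url)
    if m is None:
        raise ValueError("malformed LDAP URL: %s" % url)
    host, port, base, attribute, scope, filt = m.groups()
    if scope not in ("base", "one", "sub"):
        raise ValueError("search_scope must be base, one or sub")
    return {"host": host or "localhost", "port": int(port) if port else 389,
            "search_base": base, "attribute": attribute,
            "search_scope": scope, "filter": filt}

# Constructed stand-in for the directory (not a real LDAP client):
# (host, search_base, filter) -> values of the requested attribute.
FAKE_DIRECTORY = {
    ("ldap.mycompany.com", "dc=mycompany,dc=com", "(cn=mydatabase)"):
        ["host=dbserver.mycompany.com", "port=5439", "dbname=mydb",
         "user=mydb_user", "sslmode=require"],
    ("ldap.acme.com", "cn=dbserver,cn=hosts", "(objectclass=*)"):
        ["host = db1.acme.com", "port = 5432"],
}

def fake_ldap_lookup(query):
    """Return the attribute values, or None when the server cannot be contacted."""
    return FAKE_DIRECTORY.get((query["host"], query["search_base"], query["filter"]))

def resolve_stanza(lines, lookup=fake_ldap_lookup):
    """Apply the documented rules to one pg_service.conf stanza; return the options."""
    options = {}
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("["):
            continue
        if line.startswith("ldap://"):
            result = lookup(parse_ldap_url(line))
            if result is None:      # server unreachable: keep reading for a fallback
                continue
            for pair in result:     # each value must be a "keyword = value" pair
                key, _, value = pair.partition("=")
                options[key.strip()] = value.strip()
            return options          # a successful lookup ends processing
        if "=" not in line:         # e.g. the deliberate bad line after an LDAP URL
            raise ValueError("syntax error in service file: %s" % line)
        key, _, value = line.partition("=")
        options[key.strip()] = value.strip()
    return options
```

Because the returned pairs (including host and sslmode) come from the directory, the directory's integrity and the transport to it determine what the client will connect to.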