31.17. LDAP Lookup of Connection Parameters

Iflibpq has been compiled with LDAP support (option--with-ldap forconfigure) it is possible to retrieve connection options likehost ordbname via LDAP from a central server. The advantage is that if the connection parameters for a database change, the connection information doesn't have to be updated on all client machines.

LDAP connection parameter lookup uses the connection service filepg_service.conf (seeSection 31.16). A line in apg_service.conf stanza that starts withldap:// will be recognized as an LDAP URL and an LDAP query will be performed. The result must be a list ofkeyword = value pairs which will be used to set connection options. The URL must conform to RFC 1959 and be of the form

ldap://[hostname[:port]]/search_base?attribute?search_scope?filter

wherehostname defaults tolocalhost andport defaults to 389.

Processing ofpg_service.conf is terminated after a successful LDAP lookup, but is continued if the LDAP server cannot be contacted. This is to provide a fallback with further LDAP URL lines that point to different LDAP servers, classicalkeyword = value pairs, or default connection options. If you would rather get an error message in this case, add a syntactically incorrect line after the LDAP URL.

A sample LDAP entry that has been created with the LDIF file

version:1dn:cn=mydatabase,dc=mycompany,dc=comchangetype:addobjectclass:topobjectclass:devicecn:mydatabasedescription:host=dbserver.mycompany.comdescription:port=5439description:dbname=mydbdescription:user=mydb_userdescription:sslmode=require

might be queried with the following LDAP URL:

ldap://ldap.mycompany.com/dc=mycompany,dc=com?description?one?(cn=mydatabase)

You can also mix regular service file entries with LDAP lookups. A complete example for a stanza inpg_service.conf would be:

# only host and port are stored in LDAP, specify dbname and user explicitly[customerdb]dbname=customeruser=appuserldap://ldap.acme.com/cn=dbserver,cn=hosts?pgconnectinfo?base?(objectclass=*)