The following bug has been logged online:

Bug reference:      3095
Logged by:          Joey Wang
Email address:      [EMAIL PROTECTED]
PostgreSQL version: 8.2.3
Operating system:   Linux
Description:        LDAP authentication parsing incorrectly
Details: 

LDAP authentication parsing has two bugs.

When pg_hba.conf contains the line

host all all 127.0.0.1/24 ldap ldap://ActiveDirectory/dc=domain,dc=com;cn=;,cn=users

We expect the parsing will construct a user DN as

cn=userid,cn=users,dc=domain,dc=com

But

(1) dc=domain,dc=com is ignored. This is the src code from auth.c:

.....

/* ldap, no port number */
r = sscanf(port->auth_arg,
           "ldap://%127[^/]/%127[^;];%127[^;];%127s",
           server, basedn, prefix, suffix);

.....

snprintf(fulluser, sizeof(fulluser), "%s%s%s",
         prefix, port->user_name, suffix);
fulluser[sizeof(fulluser) - 1] = '\0';

r = ldap_simple_bind_s(ldap, fulluser, passwd);

We can see the code did not use basedn.

(2) A suffix containing ',' is converted to another character. This bug is
caused by the parsing algorithm treating the comma as a token separator.

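The parse and bind-name construction from point (1), as an added example that is not part of the original report or of PostgreSQL's source. It applies the sscanf format and the prefix/user/suffix concatenation quoted in the report to the reported option string. The struct and function names are hypothetical, and bind_dn_as_expected only encodes the DN the report says it expected.

```c
#include <stdio.h>
#include <string.h>

#define FIELD 128   /* room for a %127 conversion plus the terminator */

/* Fields of ldap://server/basedn;prefix;suffix (form without a port). */
struct ldap_arg {
    char server[FIELD], basedn[FIELD], prefix[FIELD], suffix[FIELD];
};

/* Parse with the same sscanf format as the auth.c excerpt.
 * Returns the number of fields converted (4 when all are present). */
static int parse_ldap_arg(const char *auth_arg, struct ldap_arg *a)
{
    memset(a, 0, sizeof(*a));
    return sscanf(auth_arg, "ldap://%127[^/]/%127[^;];%127[^;];%127s",
                  a->server, a->basedn, a->prefix, a->suffix);
}

/* Bind name as the excerpt builds it: prefix + user + suffix, no basedn. */
static void bind_dn_as_built(const struct ldap_arg *a, const char *user,
                             char *out, size_t outlen)
{
    snprintf(out, outlen, "%s%s%s", a->prefix, user, a->suffix);
}

/* Bind name the report expects: the same string followed by ",basedn". */
static void bind_dn_as_expected(const struct ldap_arg *a, const char *user,
                                char *out, size_t outlen)
{
    snprintf(out, outlen, "%s%s%s,%s", a->prefix, user, a->suffix, a->basedn);
}

int main(void)
{
    /* Option string and login name taken from the report. */
    const char *arg = "ldap://ActiveDirectory/dc=domain,dc=com;cn=;,cn=users";
    struct ldap_arg a;
    char built[2 * FIELD], expected[4 * FIELD];
    int n = parse_ldap_arg(arg, &a);

    bind_dn_as_built(&a, "userid", built, sizeof(built));
    bind_dn_as_expected(&a, "userid", expected, sizeof(expected));
    printf("fields=%d basedn=%s\nbuilt=%s\nexpected=%s\n",
           n, a.basedn, built, expected);
    return 0;
}
```

The base DN is parsed into its own buffer but never reaches the name passed to the bind call, so a deployment on this code has to carry the full DN tail in the suffix field.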