If libpq has been compiled with LDAP support (option --with-ldap for configure) it is possible to retrieve connection options like host or dbname via LDAP from a central server. The advantage is that if the connection parameters for a database change, the connection information doesn't have to be updated on all client machines.

LDAP connection parameter lookup uses the connection service file pg_service.conf (see Section 29.14, “The Connection Service File”). A line in a pg_service.conf stanza that starts with ldap:// will be recognized as an LDAP URL and an LDAP query will be performed. The result must be a list of keyword = value pairs which will be used to set connection options. The URL must conform to RFC 1959 and be of the form

ldap://[hostname[:port]]/search_base?attribute?search_scope?filter

where hostname defaults to localhost and port defaults to 389.

Processing of pg_service.conf is terminated after a successful LDAP lookup, but is continued if the LDAP server cannot be contacted. This is to provide a fallback with further LDAP URL lines that point to different LDAP servers, classical keyword = value pairs, or default connection options. If you would rather get an error message in this case, add a syntactically incorrect line after the LDAP URL.

A sample LDAP entry that has been created with the LDIF file

version:1
dn:cn=mydatabase,dc=mycompany,dc=com
changetype:add
objectclass:top
objectclass:groupOfUniqueNames
cn:mydatabase
uniqueMember:host=dbserver.mycompany.com
uniqueMember:port=5439
uniqueMember:dbname=mydb
uniqueMember:user=mydb_user
uniqueMember:sslmode=require

might be queried with the following LDAP URL:

ldap://ldap.mycompany.com/dc=mycompany,dc=com?uniqueMember?one?(cn=mydatabase)
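
The following Python model is an added example, not libpq code: it splits an LDAP URL of the form given above and applies the processing order described for a pg_service.conf stanza (stop after a successful lookup, continue when a server cannot be contacted, fail on a syntactically incorrect line). The lookup callback, the ldap2 host, the invalid last line and the rule that an already set option is kept are assumptions made for the illustration.

```python
from typing import Callable, Dict, List, Optional, Tuple

class ServiceFileError(Exception):
    """A line that is neither a valid LDAP URL nor keyword = value."""

def parse_ldap_url(url: str) -> Dict[str, object]:
    """Split ldap://[hostname[:port]]/search_base?attribute?search_scope?filter."""
    hostport, slash, rest = url[len("ldap://"):].partition("/")
    parts = rest.split("?", 3)
    host, _, port = hostport.partition(":")
    if not slash or len(parts) != 4 or not all(parts) or (port and not port.isdigit()):
        raise ServiceFileError(f"malformed LDAP URL: {url!r}")
    return {"hostname": host or "localhost", "port": int(port or 389),
            "search_base": parts[0], "attribute": parts[1],
            "search_scope": parts[2], "filter": parts[3]}

def parse_pair(line: str) -> Tuple[str, str]:
    key, eq, value = line.partition("=")
    if not eq or not key.strip():
        raise ServiceFileError(f"syntax error: {line!r}")
    return key.strip(), value.strip()

# Hypothetical callback standing in for the LDAP query: returns the attribute
# values, or None when the server cannot be contacted.
Lookup = Callable[[Dict[str, object]], Optional[List[str]]]

def resolve_stanza(lines: List[str], lookup: Lookup) -> Dict[str, str]:
    """Process one stanza's lines in order, following the rules in the text."""
    options: Dict[str, str] = {}
    for line in lines:
        if line.startswith("ldap://"):
            values = lookup(parse_ldap_url(line))
            if values is None:          # unreachable: continue with next line
                continue
            for value in values:        # each value is a keyword = value pair
                options.setdefault(*parse_pair(value))  # assumption: first value wins
            return options              # successful lookup ends processing
        options.setdefault(*parse_pair(line))
    return options

# Values of the uniqueMember attribute from the sample entry above.
PAGE_VALUES = ["host=dbserver.mycompany.com", "port=5439", "dbname=mydb",
               "user=mydb_user", "sslmode=require"]
# Constructed stanza: ldap2 is made up; the invalid last line forces an error.
STANZA = [
    "ldap://ldap.mycompany.com/dc=mycompany,dc=com?uniqueMember?one?(cn=mydatabase)",
    "ldap://ldap2.mycompany.com/dc=mycompany,dc=com?uniqueMember?one?(cn=mydatabase)",
    "fail-if-no-ldap-server",
]
```

With both servers unreachable, resolve_stanza(STANZA, ...) raises ServiceFileError at the last line; replacing that line with keyword = value pairs gives the fallback behaviour instead.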