Hello,
I have an LDAP server where the DN looks like:
cn=robert fleming,cn=users,dc=abc,dc=example,dc=com
But I would like to authenticate to PostgreSQL using the "uid" LDAP attribute, which you may notice is *not* in the DN. It seems to me that PostgreSQL's LDAP support does not allow this.
Other software products I've seen support this by doing an LDAP query *first*, and then fetching/building the DN from the search result, and then using that DN to do the bind. Looking at the PostgreSQL source code, it seems like PostgreSQL expects to be able to do a bind without doing a search first.
==Examples for reference==
===MediaWiki===
====LocalSettings.php====
$wgLDAPServerNames = array("example"=>"ldap.example.com");
$wgLDAPSearchAttributes = array("example"=>"uid");
$wgLDAPBaseDNs = array("loral"=>"cn=users,dc=abc,dc=example,dc=com");
====LdapAuthentication.php====
see <http://svn.wikimedia.org/viewvc/mediawiki/trunk/extensions/LdapAuthentication/LdapAuthentication.php?view=markup>
Look for "function getUserDN"
===Bugzilla===
====params====
%param = (
'LDAPBaseDN' => 'cn=users,dc=ssd,dc=loral,dc=com',
'LDAPbinddn' => '',
'LDAPfilter' => '',
'LDAPmailattribute' => 'mail',
'LDAPserver' => 'ldap.example.com',
'LDAPstarttls' => 0,
'LDAPuidattribute' => 'uid',
...
====LDAP.pm====
see <http://mxr.mozilla.org/bugzilla/source/Bugzilla/Auth/Verify/LDAP.pm>
Look at about line 64 to see that they do a LDAP search before the LDAP bind.
In contrast, PostgreSQL's backend/libpq/auth.c does ldap_simple_bind_s() but never does a LDAP search.
Thanks,
Robert
