BUG #7659: LDAP auth does not search the subtree

From: kevin@rootsmith.ca
Subject: BUG #7659: LDAP auth does not search the subtree
Date:
Msg-id: E1TYizx-0000RZ-EU@wrigleys.postgresql.org
Replies: Re: BUG #7659: LDAP auth does not search the subtree  (Andrzej Cedro <andrzej.cedro@wp.pl>)
List: pgsql-bugs
The following bug has been logged on the website:

Bug reference:      7659
Logged by:          Kevin Smith
Email address:      kevin@rootsmith.ca
PostgreSQL version: 9.2.1
Operating system:   CentOS5
Description:


I have the following in my pg_hba.conf file:

host all +ldap 127.0.0.1/32 ldap ldapserver=<myserver> ldapport=389 ldapbasedb="<my base dn>" ldapbinddn="<my bind dn>" ldapbindpasswd=<passwd> ldapsearchattribute=<search_attr>

If I try to connect from the localhost with a valid ldap account, it fails.
Note that the <search_attr> is located in objects, one level deeper than the
<my base dn> given.

The error in the log is as follows:

could not search LDAP for filter "(<search_attr>=<my_user>)" on server "<myserver>": error code 1

However, when I do the following on the command line, it works:

ldapsearch -x -L -b "<my base dn>" -D "<my bind dn>" -w <passwd> -H ldap://<myserver>:389 "(<search_attr>=my_user)"

When I change the configuration in pg_hba.conf so that the ldapbasedn is
exactly on the same level as where the user resides, it works perfectly.

The documentation states "The search will be performed over the subtree at
ldapbasedn" but this does not appear to be the case from my testing. The
scope appears to be defaulting to be just searching the base.
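
The difference between a base-scope and a subtree-scope search, which the report above turns on, shown as an added example (not part of the original message and not PostgreSQL's code). The directory contents, DNs and the helper names split_dn, in_scope and search are constructed for illustration; the DN splitting is simplified and only handles backslash-escaped commas.

```python
# Added illustration (not PostgreSQL code): LDAP search scopes over constructed DNs.
import re

def split_dn(dn):
    """Split a DN into lower-cased RDNs; a backslash-escaped comma stays in its RDN."""
    return [p.strip().lower() for p in re.split(r"(?<!\\),", dn) if p.strip()]

def in_scope(base_dn, entry_dn, scope):
    """True if entry_dn is selected by a search at base_dn with the given scope."""
    base, entry = split_dn(base_dn), split_dn(entry_dn)
    depth = len(entry) - len(base)          # levels below the base object
    if depth < 0 or entry[depth:] != base:  # entry is not at or under the base
        return False
    if scope == "base":   # only the base object itself
        return depth == 0
    if scope == "one":    # immediate children only
        return depth == 1
    if scope == "sub":    # base object and every descendant
        return True
    raise ValueError(f"unknown scope: {scope!r}")

def search(directory, base_dn, scope, attr, value):
    """Return the DNs in scope whose attribute `attr` contains `value`."""
    return [dn for dn, attrs in directory.items()
            if in_scope(base_dn, dn, scope) and value in attrs.get(attr, [])]

# Constructed sample directory (hypothetical DNs and attribute values).
DIRECTORY = {
    "dc=example,dc=com": {"objectClass": ["domain"]},
    "ou=people,dc=example,dc=com": {"objectClass": ["organizationalUnit"]},
    "uid=alice,ou=people,dc=example,dc=com": {"uid": ["alice"]},
    "uid=bob,ou=staff,ou=people,dc=example,dc=com": {"uid": ["bob"]},
}

if __name__ == "__main__":
    # The user entry sits one level below ou=people, as in the report.
    for base in ("dc=example,dc=com", "ou=people,dc=example,dc=com"):
        for scope in ("base", "one", "sub"):
            print(base, scope, search(DIRECTORY, base, scope, "uid", "alice"))
```

With the base DN one level above the user entry, only the "one" and "sub" scopes return it; a "base" search matches nothing unless the base DN is the user entry itself.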
