PostgreSQL Chinese Operation Guide
34.18. LDAP Lookup of Connection Parameters
If libpq has been compiled with LDAP support (option --with-ldap for configure), it is possible to retrieve connection options like host or dbname via LDAP from a central server. The advantage is that if the connection parameters for a database change, the connection information doesn't have to be updated on all client machines.
LDAP connection parameter lookup uses the connection service file pg_service.conf (see Section 34.17). A line in a pg_service.conf stanza that starts with ldap:// will be recognized as an LDAP URL and an LDAP query will be performed. The result must be a list of keyword = value pairs which will be used to set connection options. The URL must conform to RFC 1959 and be of the form:
ldap://[hostname[:port]]/search_base?attribute?search_scope?filter
where hostname defaults to localhost and port defaults to 389.
Processing of pg_service.conf is terminated after a successful LDAP lookup, but is continued if the LDAP server cannot be contacted. This is to provide a fallback with further LDAP URL lines that point to different LDAP servers, classical keyword = value pairs, or default connection options. If you would rather get an error message in this case, add a syntactically incorrect line after the LDAP URL.
A sample LDAP entry that has been created with the LDIF file
version:1
dn:cn=mydatabase,dc=mycompany,dc=com
changetype:add
objectclass:top
objectclass:device
cn:mydatabase
description:host=dbserver.mycompany.com
description:port=5439
description:dbname=mydb
description:user=mydb_user
description:sslmode=require
might be queried with the following LDAP URL:
ldap://ldap.mycompany.com/dc=mycompany,dc=com?description?one?(cn=mydatabase)
You can also mix regular service file entries with LDAP lookups. A complete example for a stanza in pg_service.conf would be:
# only host and port are stored in LDAP, specify dbname and user explicitly
[customerdb]
dbname=customer
user=appuser
ldap://ldap.acme.com/cn=dbserver,cn=hosts?pgconnectinfo?base?(objectclass=*)
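The fallback rule described above decides what a client connects with when the LDAP server is unreachable, so it is worth auditing. The following Python sketch is an added example, not part of the PostgreSQL documentation: it parses each LDAP URL with the documented defaults and reports what would be processed next if that server cannot be contacted. The `guarded` stanza, the `example.test` host and the `!stop-here` line are constructed, and treating a line without `=` as the syntactically incorrect guard line is an assumption.

```python
import re
# URL shape from the page: ldap://[hostname[:port]]/search_base?attribute?search_scope?filter
LDAP_URL = re.compile(
    r"^ldap://(?P<host>[^/:]*)(?::(?P<port>\d+))?/(?P<base>[^?]*)"
    r"\?(?P<attribute>[^?]*)\?(?P<scope>[^?]*)\?(?P<filter>.+)$", re.IGNORECASE)

def parse_ldap_url(url):
    """Split a pg_service.conf LDAP URL into parts, applying the documented defaults."""
    m = LDAP_URL.match(url.strip())
    if m is None:
        raise ValueError(f"not an LDAP lookup URL: {url!r}")
    parts = m.groupdict()
    parts["host"] = parts["host"] or "localhost"  # documented default
    parts["port"] = int(parts["port"] or 389)     # documented default
    return parts

def audit_fallbacks(text):
    """Map service -> [(ldap_host, port, next_step)]; next_step is what is used if LDAP is down."""
    report, service, pending = {}, None, None
    def close(next_step):
        nonlocal pending
        if pending is not None:
            report.setdefault(service, []).append(pending + (next_step,))
        pending = None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            close("defaults")          # stanza ended right after the LDAP URL
            service = line[1:-1]
        elif line.lower().startswith("ldap://"):
            close("ldap")              # a further LDAP server is tried next
            url = parse_ldap_url(line)
            pending = (url["host"], url["port"])
        elif "=" in line:
            close("keyword=value")     # static options act as the fallback
        else:
            close("error")  # assumption: a line without '=' is the invalid "guard" line
    close("defaults")
    return report

# Constructed sample: a shortened form of the page's [customerdb] stanza plus a guarded one.
SAMPLE = """[customerdb]
dbname=customer
ldap://ldap.acme.com/cn=dbserver,cn=hosts?pgconnectinfo?base?(objectclass=*)
[guarded]
ldap://ldap1.example.test:1389/dc=example,dc=test?description?one?(cn=mydatabase)
!stop-here
"""
```

A `defaults` result means that when the LDAP server cannot be contacted, the client proceeds with default connection options for whatever the lookup would have supplied (for example host or sslmode); `error` means the stanza fails closed instead.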