Add ldapservice connection parameter

Andrew Jackson Sun, 11 Jan 2026 18:51:33 -0800

Currently there exists, only in pg_service.conf, the ability to look
up connection parameters from a centralized LDAP server. This patch
expands the usability of this by allowing it to be specified directly in
a connection string instead of only in a pg_service.conf file.

From 0f51ee971e8b23c5cd50e48ff6c1e70391d1ad30 Mon Sep 17 00:00:00 2001
From: Andrew Jackson <[email protected]>
Date: Sun, 23 Mar 2025 17:27:32 -0500
Subject: [PATCH] Add ldapservice connection parameter


Currently there exists, only in pg_service.conf, the ability to look
up connection parameters from a centralized LDAP server. This patch
expands the usability of this be allowing it to be specified directly in
a connection string instead of only in a pg_service.conf file.
---
 doc/src/sgml/libpq.sgml                             | 10 ++++++++++
 src/interfaces/libpq/fe-connect.c                   | 12 ++++++++++++
 src/interfaces/libpq/libpq-int.h                    |  1 +
 src/test/ldap/t/003_ldap_connection_param_lookup.pl | 12 ++++++++++++
 4 files changed, 35 insertions(+)

diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml
index 7d05938feda..cf5b132435f 100644
--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
@@ -2333,6 +2333,16 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname
       </listitem>
      </varlistentry>

+     <varlistentry id="libpq-connect-ldapservice" xreflabel="ldapservice">
+      <term><literal>ldapservice</literal></term>
+      <listitem>
+       <para>
+        This option specifies an LDAP query that can be used to reference connection paremeters
+        stored in an LDAP server. This functionality is described in more detail in <xref linkend="libpq-ldap"/>.
+        </para>
+      </listitem>
+     </varlistentry>
+
      <varlistentry id="libpq-connect-target-session-attrs" xreflabel="target_session_attrs">
       <term><literal>target_session_attrs</literal></term>
       <listitem>
diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
index a0d2f749811..b94a7867f99 100644
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -206,6 +206,10 @@ static const internalPQconninfoOption PQconninfoOptions[] = {
 		"Database-Service-File", "", 64,
 	offsetof(struct pg_conn, pgservicefile)},

+	{"ldapservice", "PGLDAPSERVICE", NULL, NULL,
+		"Database-LDAP-Service", "", 20,
+	offsetof(struct pg_conn, pgldapservice)},
+
 	{"user", "PGUSER", NULL, NULL,
 		"Database-User", "", 20,
 	offsetof(struct pg_conn, pguser)},
@@ -5955,6 +5959,7 @@ parseServiceInfo(PQconninfoOption *options, PQExpBuffer errorMessage)
 {
 	const char *service = conninfo_getval(options, "service");
 	const char *service_fname = conninfo_getval(options, "servicefile");
+	const char *ldapservice = conninfo_getval(options, "ldapservice");
 	char		serviceFile[MAXPGPATH];
 	char	   *env;
 	bool		group_found = false;
@@ -5969,6 +5974,13 @@ parseServiceInfo(PQconninfoOption *options, PQExpBuffer errorMessage)
 	if (service == NULL)
 		service = getenv("PGSERVICE");

+#ifdef USE_LDAP
+	if (ldapservice != NULL)
+		if (strncmp(ldapservice, "ldap", 4) == 0)
+			if (!ldapServiceLookup(ldapservice, options, errorMessage))
+				return 0;
+#endif
+
 	/* If no service name given, nothing to do */
 	if (service == NULL)
 		return 0;
diff --git a/src/interfaces/libpq/libpq-int.h b/src/interfaces/libpq/libpq-int.h
index fb6a7cbf15d..b540d3ac054 100644
--- a/src/interfaces/libpq/libpq-int.h
+++ b/src/interfaces/libpq/libpq-int.h
@@ -392,6 +392,7 @@ struct pg_conn
 	char	   *pgservice;		/* Postgres service, if any */
 	char	   *pgservicefile;	/* path to a service file containing
 								 * service(s) */
+	char	   *pgldapservice;	/* Postgres LDAP service, if any */
 	char	   *pguser;			/* Postgres username and password, if any */
 	char	   *pgpass;
 	char	   *pgpassfile;		/* path to a file containing password(s) */
diff --git a/src/test/ldap/t/003_ldap_connection_param_lookup.pl b/src/test/ldap/t/003_ldap_connection_param_lookup.pl
index 359fc7a998a..6985be65408 100644
--- a/src/test/ldap/t/003_ldap_connection_param_lookup.pl
+++ b/src/test/ldap/t/003_ldap_connection_param_lookup.pl
@@ -196,6 +196,18 @@ local $ENV{PGSERVICEFILE} = "$srvfile_empty";
 		expected_stdout =>
 		  qr/definition of service "undefined-service" not found/);

+	$dummy_node->connect_ok(
+		"ldapservice=ldap://localhost:$ldap_port/dc=example,dc=net?description?one?(cn=mydatabase)",
+		'connection with correct "ldapservice" string',
+		sql => "SELECT 'connect2_4'",
+		expected_stdout => qr/connect2_4/);
+
+	$dummy_node->connect_ok(
+		"postgres://?ldapservice=ldap%3A%2F%2Flocalhost%3A$ldap_port%2Fdc%3Dexample%2Cdc%3Dnet%3Fdescription%3Fone%3F%28cn%3Dmydatabase%29",
+		'connection with correct "ldapservice"',
+		sql => "SELECT 'connect2_5'",
+		expected_stdout => qr/connect2_5/);
+
 	# Remove default pg_service.conf.
 	unlink($srvfile_default);
 }
--
2.49.0

Add ldapservice connection parameter

Reply via email to