[YSQL] ysql_hba_conf field values that contain the line separator "," get improperly formatted in the resulting ysql_hba_conf file #5459

ajcaldera1 · 2020-08-21T12:31:42Z

There are some values such as ldapsuffix, ldapurl, and ldapbasedn that could be contained in the GFlag --ysql_hba_conf that cause an erroneous ysql_hba.conf file to be produced. If there are erroneous entries in that file the postgres front-end "postmaster" will fail to start.

Here are some examples from the PG documentation:

Simple bind config:

host ... ldap ldapserver=ldap.example.net ldapprefix="cn=" ldapsuffix=", dc=example, dc=net"

Search+bind written as url string:

host ... ldap ldapurl="ldap://ldap.example.net/dc=example,dc=net?uid?sub"

Another search+bind example with filter:

host ... ldap ldapserver=ldap.example.net ldapbasedn="dc=example, dc=net" ldapsearchfilter="(|(uid=$username)(mail=$username))"

The text was updated successfully, but these errors were encountered:

Summary: Include support in all default builds for: - LDAP Authentication (by including ldap lib in the build) - UUID (by including uuid-ossp extension with e2fs implementation) Additional change: Add `ysql_pg_conf_csv`/`ysql_hba_conf_csv` flags as substitutions for deprecated `ysql_pg_conf` and `ysql_hba_conf`. Example how to start the cluster with LDAP authentication ``` ./bin/yb-ctl start --ysql_hba_conf_csv='host all yugabyte 127.0.0.1/0 password,"host all all 0.0.0.0/0 ldap ldapserver=ldap.forumsys.com ldapprefix=""uid="" ldapsuffix="", dc=example, dc=com"" ldapport=389"' ``` Test Plan: Jenkins: Existing tests, additional tests in: TestPgRegressExtension (yb_extensions), Reviewers: sanketh, mihnea Reviewed By: mihnea Subscribers: mikhail, rskannan, yql Differential Revision: https://phabricator.dev.yugabyte.com/D9692

…in default builds Summary: Include support in all default builds for: - LDAP Authentication (by including ldap lib in the build) - UUID (by including uuid-ossp extension with e2fs implementation) Additional change: Add `ysql_pg_conf_csv`/`ysql_hba_conf_csv` flags as substitutions for deprecated `ysql_pg_conf` and `ysql_hba_conf`. Example how to start the cluster with LDAP authentication ``` ./bin/yb-ctl start --ysql_hba_conf_csv='host all yugabyte 127.0.0.1/0 password,"host all all 0.0.0.0/0 ldap ldapserver=ldap.forumsys.com ldapprefix=""uid="" ldapsuffix="", dc=example, dc=com"" ldapport=389"' ``` Test Plan: Jenkins: rebase: 2.3 Existing tests, additional tests in: TestPgRegressExtension (yb_extensions), Reviewers: sanketh, dmitry, rskannan Reviewed By: rskannan Subscribers: yql, rskannan, mikhail Differential Revision: https://phabricator.dev.yugabyte.com/D9787

ajcaldera1 added the area/ysql Yugabyte SQL (YSQL) label Aug 21, 2020

ajcaldera1 added this to the v2.2.x milestone Aug 21, 2020

ajcaldera1 assigned ndeodhar Aug 21, 2020

ndeodhar assigned m-iancu and unassigned ndeodhar Aug 22, 2020

ajcaldera1 closed this as completed Jan 6, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[YSQL] ysql_hba_conf field values that contain the line separator "," get improperly formatted in the resulting ysql_hba_conf file #5459

[YSQL] ysql_hba_conf field values that contain the line separator "," get improperly formatted in the resulting ysql_hba_conf file #5459

ajcaldera1 commented Aug 21, 2020

[YSQL] ysql_hba_conf field values that contain the line separator "," get improperly formatted in the resulting ysql_hba_conf file #5459

[YSQL] ysql_hba_conf field values that contain the line separator "," get improperly formatted in the resulting ysql_hba_conf file #5459

Comments

ajcaldera1 commented Aug 21, 2020