Problem with retry/fallback to simplier auth from LDAP (ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION) #2246
Comments
|
Is the problem actually with the fallback logic? Or is it that pgx doesn't support LDAP at all? |
|
The problem is in fall back for sure. I send only login and password to postgres I'm not sure how pgx can support ldap. My pg_hba configured as And it should fall back to md5 when ldap returns unauthorized, but it doesn't when in other drivers it does |
|
I looked through the psql/libpq code and couldn't find anything where there would be a retry with a different auth method if LDAP failed; maybe I have overlooked something. Are you sure that other drivers are falling back and not relying on an LDAP configuration in |
|
I've tested java driver first and then I tried C driver as well just to be sure that java and C have same behaviour and they do. But I wasn't checking C libs, as I understand it just should try to connect to any of I believe if we remove this error check it will behave as it should. |
Describe the bug
Hello everyone find this issue. When I was trying to understand why this driver behave differently from what we have in jdbc, as I understand libpq should have same behaviour as menssioned above. The problem that this ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION should make a fallback, because when you connect via LDAP and configure LDAP settings in pg_hba.conf Go driver doesn't fallback whereas other do. Can we fix it? I want to have default behavior when I use driver.
The error: server error: FATAL: LDAP authentication failed for user "postgres" (SQLSTATE 28000)
Expected behavior
fallback without auth to LDAP, should work the same as in the official C driver
The text was updated successfully, but these errors were encountered: