From 28b0d6bf6299d4508988ad6352704d2a61fd6896 Mon Sep 17 00:00:00 2001
From: Bruce Momjian
Date: Fri, 16 Jun 2006 15:16:16 +0000
Subject: [PATCH] Add LDAP documentation missed in code patch. Magnus Hagander
---
doc/src/sgml/client-auth.sgml | 62 +++++++++++++++++++++++++++++++++++++++++-
doc/src/sgml/installation.sgml | 20 ++++++++++++--
2 files changed, 79 insertions(+), 3 deletions(-)
diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml
index 22fe521bfb..bb7f17ff78 100644
--- a/doc/src/sgml/client-auth.sgml
+++ b/doc/src/sgml/client-auth.sgml
@@ -1,4 +1,4 @@ - + Client Authentication
@@ -373,6 +373,16 @@ hostnossl database user + ldap + + + Authenticate using LDAP to a central server. See for details. + + + + + pam
@@ -896,6 +906,56 @@ omicron bryanh guest1 + + LDAP authentication + + + LDAP + + + + This authentication method operates similarly to + password except that it uses LDAP + as the authentication method. LDAP is used only to validate + the user name/password pairs. Therefore the user must already + exist in the database before LDAP can be used for + authentication. The server and parameters used are specified + after the ldap key word in the file + pg_hba.conf. The format of this parameter is: + +ldap[s]://servername[:port]/base dn[;prefix[;suffix]] + + for example: + +ldap://ldap.example.net/dc=example,dc=net;EXAMPLE\ + + + + + If ldaps is specified instead of ldap, + TLS encryption will be enabled for the connection. Note that this + will encrypt only the connection between the PostgreSQL server + and the LDAP server. The connection between the client and the + PostgreSQL server is not affected by this setting. To make use of + TLS encryption, you may need to configure the LDAP library prior + to configuring PostgreSQL. + + + If no port is specified, the default port as configured in the + LDAP library will be used. + + + The server will bind to the distinguished name specified as + base dn using the username supplied by the client. + If prefix and suffix is + specified, it will be prepended and appended to the username + before the bind. Typically, the prefix parameter is used to specify + cn=, or DOMAIN\ in an Active + Directory environment. + + + + PAM authentication
diff --git a/doc/src/sgml/installation.sgml b/doc/src/sgml/installation.sgml
index 2c9d2eaae3..9386c66ea7 100644
--- a/doc/src/sgml/installation.sgml
+++ b/doc/src/sgml/installation.sgml
@@ -1,4 +1,4 @@ - + <![%standalone-include[<productname>PostgreSQL</>]]>
@@ -279,7 +279,8 @@ su - postgres <listitem> <para> - <application>Kerberos</>, <productname>OpenSSL</>, and/or + <application>Kerberos</>, <productname>OpenSSL</>, + <productname>OpenLDAP</>, and/or <application>PAM</>, if you want to support authentication or encryption using these services. </para>
@@ -849,6 +850,21 @@ su - postgres </varlistentry> <varlistentry> + <term><option>--with-ldap</option></term> + <listitem> + <para> + Build with <acronym>LDAP</><indexterm><primary>LDAP</></> + authentication support. On Unix, this requires the + <productname>OpenLDAP</> package to be installed. + <filename>configure</> will check for the required header files + and libraries to make sure that your <productname>OpenLDAP</> + installation is sufficient before proceeding. On Windows, + the default <productname>WinLDAP</> library is used. + </para> + </listitem> + </varlistentry> + + <varlistentry> <term><option>--with-libedit-preferred</option></term> <listitem> <para>
--
2.11.0