| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Albe Laurenz" <all(at)adv(dot)magwien(dot)gv(dot)at> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: new feature: LDAP database name resolution |
| Date: | 2006-02-28 15:35:53 |
| Message-ID: | 15189.1141140953@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
"Albe Laurenz" <all(at)adv(dot)magwien(dot)gv(dot)at> writes:
> I am now in the process of writing a patch against CVS HEAD that
> changes fe-connect.c as follows:
> - If there is a 'service' option or PGSERVICE is set, AND the
> environment
> PGLDAPSERVERS is set to a comma separated list of LDAP server URIs,
> LDAP name resolution cuts in.
> - Before pg_services.conf is examined, the LDAP servers are contacted
> in order until a connection can be established.
> - The server is queried for an entry whose distinguished name is
> the value of 'service'. A certain attribute is retrieved.
> - The resulting string is parsed for options.
> - If that fails, pg_services.conf is read as fallback.
Uh, why is it a good idea to overload the "service" option like that?
ISTM it'd be less confusing to use a separate option. Further I suggest
that pg_service ought to be handled first, ie, it makes sense to me to
be able to put both the LDAP name and the LDAP server address(es) into a
pg_service.conf entry. The other way (LDAP pointing to pg_service.conf)
is clearly nonsensical, but that doesn't mean that they aren't useful
together.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Kevin Grittner | 2006-02-28 15:44:08 | temporary indexes |
| Previous Message | Albe Laurenz | 2006-02-28 15:33:44 | Re: new feature: LDAP database name resolution |