From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
---|---|
To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
Cc: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: support for LDAP URLs |
Date: | 2012-11-15 19:44:09 |
Message-ID: | CA+TgmoYnj=Es3L_0Q8+ijR4tVhvztW1fb=7C9K9gEmZWqhpwuQ@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Mon, Nov 12, 2012 at 10:38 PM, Peter Eisentraut <peter_e(at)gmx(dot)net> wrote:
> Here is a patch to support RFC 2255 LDAP URLs in pg_hba.conf. So,
> instead of, say
>
> host ... ldap ldapserver=ldap.example.net ldapbasedn="dc=example, dc=net" ldapsearchattribute=uid
>
> you could write
>
> host ... ldap lapurl="ldap://ldap.example.net/dc=example,dc=net?uid?sub"
>
> Apache and probably other software uses the same format, and it's easier
> to have a common format for all such configuration instead of having to
> translate the information provided by the LDAP admin into each
> software's particular configuration spellings.
>
> I'm using the OpenLDAP-provided URL parsing routine, which means this
> wouldn't be supported on Windows. But we already support different
> authentication settings on different platforms, so this didn't seem such
> a big problem.
I think this is broadly reasonable, but I'm not sure this part is a good idea:
+#ifdef USE_LDAP
+#ifndef WIN32
+/* We use a deprecated function to keep the codepath the same as win32. */
+#define LDAP_DEPRECATED 1
+#include <ldap.h>
+#else
+#include <winldap.h>
+#endif
+#endif
Presumably if it's deprecated now, it might go away without notice,
and we shouldn't be relying on it to stick around.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
From | Date | Subject | |
---|---|---|---|
Next Message | Jeff Davis | 2012-11-15 19:44:45 | Re: Enabling Checksums |
Previous Message | Robert Haas | 2012-11-15 19:41:30 | Re: Dumping an Extension's Script |