From: | Magnus Hagander <magnus(at)hagander(dot)net> |
---|---|
To: | Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at> |
Cc: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: LDAP: bugfix and deprecated OpenLDAP API |
Date: | 2013-07-01 11:58:32 |
Message-ID: | CABUevExLzTgwO2uYsbQByt7OK4fkgbGiqPOtxBNFMKVrUH038w@mail.gmail.com |
Lists: | pgsql-hackers |

On Tue, Feb 5, 2013 at 10:39 AM, Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at> wrote:
> I found a small bug in the implementation of LDAP connection
> parameter lookup.
>
> As documented in
> http://www.postgresql.org/docs/current/static/libpq-ldap.html
> processing should continue after a failed attempt
> to connect to an LDAP server.
>
> The code in src/interfaces/libpq/fe-connect.c defines a
> timeout of two seconds so that this failure won't block
> the libpq connection attempt for a long time.
>
> As coded now, the timeout won't work - if the LDAP server
> is down, ldap_simple_bind will wait for the network
> timeout, which will be quite a bit longer than 2 seconds.
>
> The attached patch ldap-bug.patch fixes this problem;
> unfortunately I found no way that works both with OpenLDAP
> and Windows LDAP, so I had to add an #ifdef.
>
> I think that this patch should be applied and backpatched.

So just to be clear - the difference is we're going from implicit
anonymous bind, to an explicit one? We're not actually causing an
extra bind compared to previous versions?

> I also tried to fix the problem mentioned in
> http://www.postgresql.org/message-id/CA+TgmoYnj=Es3L_0Q8+ijR4tVhvztW1fb=7C9K9gEmZWqhpwuQ@mail.gmail.com
> that we use deprecated OpenLDAP functions, see the attached
> ldap-undeprecate.patch.
>
> I added a file ldap.c in src/port with my own implementation
> of some of the functions that OpenLDAP has deprecated.
> With that, the code changes necessary are pretty minimal.

Doesn't this need a version check against OpenSSL at some point, or a
configure check? Are we just assuming that all versions that people
ever use have the function deprecated? (That's probably not entirely
unreasonable, just double checking)

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/