| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | James Sewell <james(dot)sewell(at)lisasoft(dot)com> |
| Cc: | "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: LDAP referrals |
| Date: | 2013-06-27 07:39:42 |
| Message-ID: | CABUevEzouAe-g1_OejaGujjMem675DNYStwyBp4d_Wz6Om+fxA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Wed, Jun 26, 2013 at 3:47 AM, James Sewell <james(dot)sewell(at)lisasoft(dot)com>wrote:
> Hello All,
>
> Is there a way to disable chasing LDAP referrals in PostgreSQL?
>
There is not, at this point. It would probably be fairly trivial to add a
pg_hba parameter to turn it off (since it's, AFAIK, just a call to
ldap_set_option), but it's not possible to do with current versions of
PostgreSQL.
<snip>
You could try injecting a simple ldap_set_opttion() that turns off
LDAP_OPT_REFERRALS in InitializeLdapConnection() in auth.c, to see if that
works. If it solves the problem, it might be worth turning it into an
actual option.
If I run psql like so:
>
> psql -U d248265 -h 127.0.0.1 dccn
>
> then it hangs. From a packet capture I've determined that in this time it
> is trying to resolve the referral, which is broken and times out.
>
As you say, a quick fix would of course be to fix your server not to send
broken referrals ;)
But I can see how it could perhaps still be useful to be able to block
referrals. I think the reason it's not in there already is mainly that it
doesn't make much sense for the actual login bind - but it does make more
sense for the search step that happens before the bind.
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | sachin kotwal | 2013-06-27 11:43:31 | Migration from DB2 to PostgreSQL-TIMESTAMP(arg1,arg1) |
| Previous Message | Merlin Moncure | 2013-06-27 02:13:47 | Re: convert from json to text[] |