From: | Thomas Munro <thomas(dot)munro(at)enterprisedb(dot)com> |
---|---|
To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
Cc: | pgsql-committers <pgsql-committers(at)postgresql(dot)org> |
Subject: | Re: pgsql: Allow ldaps when using ldap authentication |
Date: | 2018-01-03 21:24:43 |
Message-ID: | CAEepm=2=wnbjVtARnO0513w0rW9FWS7yZ3ZNz6VYTr4-j-aSAQ@mail.gmail.com |
Lists: | pgsql-committers |
On Thu, Jan 4, 2018 at 9:07 AM, Thomas Munro
<thomas(dot)munro(at)enterprisedb(dot)com> wrote:
> On Thu, Jan 4, 2018 at 4:14 AM, Peter Eisentraut <peter_e(at)gmx(dot)net> wrote:
>> Allow ldaps when using ldap authentication
>
> Other Windows systems seem OK with this, but baiji said:
>
> .\src\backend\libpq\auth.c(2538): error C2065: 'LDAPS_PORT' :
> undeclared identifier
>
> Checking where that's supposed to come from...

Windows documentation talks about LDAP_SSL_PORT instead. I assume
that "Vista Ultimate 6.0.6000 MSVC 2005 Pro 8.0.50727.867" doesn't
define LDAPS_PORT, but some later version added it for compatibility
with OpenLDAP. Let's just define it ourselves if it's undefined as we
did for some other LDAP macros, since its value is well known (it's an
IANA-registered port). See attached.

While poking around in the documentation, I came across this
surprising sentence[1]: "Be aware that even if the secure parameter is
set to zero, if the PortNumber parameter is set to LDAP_SSL_PORT (636)
or to LDAP_SSL_GC_PORT (3269), an encrypted session is initiated."
Huh. That wasn't mentioned on the main page for the function[2] and
I don't like it, because it means that the same connection string
could have a different meaning on Windows and Unix. So I also propose
that we also tweak the code to prevent that.

I don't have a Windows system myself, but this builds OK on Appveyor CI.

[1] https://msdn.microsoft.com/en-us/library/aa367031(v=vs.85).aspx
[2] https://msdn.microsoft.com/en-us/library/aa366996(v=vs.85).aspx

--
Thomas Munro
http://www.enterprisedb.com
Attachment | Content-Type | Size |
---|---|---|
tweak-ldaps-windows.patch | application/octet-stream | 1.7 KB |
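
The portability concern raised in the message above, as an added example that is not part of the original email and is not the attached patch: a fallback definition of `LDAPS_PORT` plus a check that rejects a plain `ldap` target on a port where the quoted Windows documentation says encryption starts implicitly. The function name `check_ldap_target`, the status enum and the scheme strings are assumptions made for illustration.

```c
#include <stdbool.h>
#include <string.h>

/* Fallbacks for LDAP headers that lack these macros. 636 and 3269 are the
 * values quoted in the message; 389 is the standard plain-LDAP port. */
#ifndef LDAP_PORT
#define LDAP_PORT 389
#endif
#ifndef LDAPS_PORT
#define LDAPS_PORT 636
#endif
#ifndef LDAP_SSL_GC_PORT
#define LDAP_SSL_GC_PORT 3269
#endif

typedef enum {
    LDAP_TARGET_OK,         /* same meaning with every LDAP library */
    LDAP_TARGET_AMBIGUOUS,  /* plain scheme on an implicit-encryption port */
    LDAP_TARGET_INVALID     /* unknown scheme or port out of range */
} ldap_target_status;

/* Hypothetical helper: resolve scheme and port, and refuse combinations whose
 * meaning depends on the platform's LDAP library. A NULL scheme means "ldap";
 * port 0 means "use the default port for the scheme". */
ldap_target_status check_ldap_target(const char *scheme, int port, int *resolved)
{
    bool tls;
    if (scheme == NULL || strcmp(scheme, "ldap") == 0)
        tls = false;
    else if (strcmp(scheme, "ldaps") == 0)
        tls = true;
    else
        return LDAP_TARGET_INVALID;
    if (port < 0 || port > 65535)
        return LDAP_TARGET_INVALID;
    if (port == 0)
        port = tls ? LDAPS_PORT : LDAP_PORT;
    if (resolved != NULL)
        *resolved = port;

    /* Plain LDAP was requested, but per the quoted documentation the Windows
     * client would start an encrypted session on these two ports anyway. */
    if (!tls && (port == LDAPS_PORT || port == LDAP_SSL_GC_PORT))
        return LDAP_TARGET_AMBIGUOUS;
    return LDAP_TARGET_OK;
}
```

Rejecting the ambiguous combination up front means a misconfigured target fails the same way on every platform instead of being silently encrypted on one and sent in cleartext on another.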