Re: [PATCH] Add an ldapoption to disable chasing LDAP referrals

From: James Sewell <james(dot)sewell(at)lisasoft(dot)com>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: [PATCH] Add an ldapoption to disable chasing LDAP referrals
Date: 2013-07-03 01:04:51
Message-ID: CANkGpBvs4B8qm0U7gHojbh=T=S3X9ugmyO_SNNWRas+AeR2jWQ@mail.gmail.com
Lists: pgsql-hackers

Hey Peter,

You are correct, it is the same as the referrals option in pam_ldap. It's
also the -C (sometimes -R - it seems ldapsearch options are pretty
non-standard) option in ldapsearch.

As far as I'm aware you can't pass this in an LDAP URL, primarily because
this never gets sent to the LDAP server. The server always returns an LDIF
with inline references; this just determines if you chase them client side
or just list them as is.

I could be missing something here, but using:

ldapreferrals={0|1}

Would require a three state type, as we need a way of not interfering with
the library defaults? To 'enable' the new behavior here using a boolean you
would need to set ldapreferrals=false - which with the normal way of
dealing with config booleans would alter the default behavior if the option
was not specified.

How do you feel about:

ldapdisablereferrals=(0|1)

Cheers,
James Sewell

James Sewell
PostgreSQL Team Lead / Solutions Architect
_____________________________________

Level 2, 50 Queen St,
Melbourne, VIC, 3000

P: 03 8370 8000 F: 03 8370 8099 W: www.lisasoft.com

On Tue, Jul 2, 2013 at 10:46 PM, Peter Eisentraut <peter_e(at)gmx(dot)net> wrote:

> On 7/2/13 12:20 AM, James Sewell wrote:
> > Hey All,
> >
> > This patch request grew from this post (of mine) to pgsql-general:
> >
> > http://www.postgresql.org/message-id/CABUevEzouAe-g1_OejaGujjMem675DNYStwyBp4d_Wz6Om+fxA@mail.gmail.com
> >
> > The patch adds another available LDAP option (ldapnochaseref) for
> > search+bind mode in the pg_hba.conf file. If set to 1 (0 is default) then
> > it performs a ldap_set_option which disables chasing of any LDAP
> > references which are returned as part of the search LDIF.
>
> This appears to be the same as the "referrals" option in pam_ldap
> (http://linux.die.net/man/5/pam_ldap). So it seems legitimate.
>
> For consistency, I would name the option ldapreferrals={0|1}. I prefer
> avoiding double negatives.
>
> Do you know of a standard way to represent this option in an LDAP URL,
> perhaps as an extension?
>
>
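
The three-state point raised in the reply above, as an added example (not code from the patch or from PostgreSQL): it compares `ldapreferrals` held as a plain boolean, `ldapreferrals` held as a three-state value, and `ldapdisablereferrals`, and reports what each would do to referral chasing. The type and function names are hypothetical, the boolean is assumed to default to 0, and the option string is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names; FORCE_CHASE_OFF stands in for the patch's ldap_set_option call. */
typedef enum { OPT_UNSET = -1, OPT_0 = 0, OPT_1 = 1 } optval;
typedef enum { LEAVE_LIBRARY_DEFAULT, FORCE_CHASE_OFF, FORCE_CHASE_ON, BAD_VALUE } action;
typedef enum { AS_BOOLEAN, AS_TRISTATE, AS_DISABLE_FLAG } design;

/* Find key=0 or key=1 among whitespace-separated name=value options.
 * Returns 0 and sets *out (OPT_UNSET if absent), or -1 on any other value. */
static int parse_opt(const char *opts, const char *key, optval *out)
{
    size_t klen = strlen(key);
    *out = OPT_UNSET;
    for (const char *p = opts; *p; ) {
        size_t len = strcspn(p, " \t");
        if (len > klen && strncmp(p, key, klen) == 0 && p[klen] == '=') {
            if (len != klen + 2 || (p[klen + 1] != '0' && p[klen + 1] != '1'))
                return -1;
            *out = (p[klen + 1] == '1') ? OPT_1 : OPT_0;
        }
        p += len + strspn(p + len, " \t");
    }
    return 0;
}

/* What the client does to referral chasing before the search, per design. */
action decide(design d, const char *opts)
{
    optval v;
    const char *key = (d == AS_DISABLE_FLAG) ? "ldapdisablereferrals" : "ldapreferrals";
    if (parse_opt(opts, key, &v) != 0) return BAD_VALUE;
    switch (d) {
    case AS_BOOLEAN:  /* absent collapses to 0: chasing is forced off */
        return v == OPT_1 ? FORCE_CHASE_ON : FORCE_CHASE_OFF;
    case AS_TRISTATE: /* absent is its own state: library default untouched */
        if (v == OPT_UNSET) return LEAVE_LIBRARY_DEFAULT;
        return v == OPT_1 ? FORCE_CHASE_ON : FORCE_CHASE_OFF;
    default:          /* ldapdisablereferrals: only 1 acts, two states suffice */
        return v == OPT_1 ? FORCE_CHASE_OFF : LEAVE_LIBRARY_DEFAULT;
    }
}

int main(void)
{
    const char *hba = "ldapserver=ldap.example.net ldapbasedn=dc=example,dc=net"; /* constructed */
    printf("boolean=%d tristate=%d disableflag=%d\n", decide(AS_BOOLEAN, hba),
           decide(AS_TRISTATE, hba), decide(AS_DISABLE_FLAG, hba));
    return 0;
}
```

With neither option present, only the boolean design changes behaviour; the other two leave the LDAP library's own default in place.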
