Tom Lane wrote:
> I think a better idea is to embed the flag in the pg_hba.conf entry
> itself. Perhaps something like "ldapso:" instead of "ldaps:" to
> indicate "old" secure ldap protocol, or include another parameter
> in the URL body.
FWIW, I'm working on a proposal to change how pg_hba.conf deals with
the parameter field to make it easier to do things like this, by
using a name/value pair setup instead. The LDAP url is one reason -
it's hacky enough already *before* we add this kind of option to it...
//Magnus