ldap/t/001_auth.pl fails with openldap 2.5 - Mailing list pgsql-hackers

From Andres Freund
Subject ldap/t/001_auth.pl fails with openldap 2.5
Date
Msg-id 20211009233850.wvr6apcrw2ai6cnj@alap3.anarazel.de
Whole thread Raw
Responses Re: ldap/t/001_auth.pl fails with openldap 2.5
Re: ldap/t/001_auth.pl fails with openldap 2.5
List pgsql-hackers
Hi,

The freebsd image I use for CI runs just failed because the package name for
openldap changed (it's now either openldap{24,25}-{client,server}, instead of
openldap-..}. I naively resolved that conflict by choosing the openldap25-*
packages. Which unfortunately turns out to break 001_auth.pl :(

https://api.cirrus-ci.com/v1/artifact/task/5061394509856768/tap/src/test/ldap/tmp_check/log/regress_log_001_auth

# Running: ldapsearch -h localhost -p 51649 -s base -b dc=example,dc=net -D cn=Manager,dc=example,dc=net -y
/tmp/cirrus-ci-build/src/test/ldap/tmp_check/ldappassword-n 'objectclass=*'
 
ldapsearch: unrecognized option -h
usage: ldapsearch [options] [filter [attributes...]]

Seems we need to replace -h & -p with a -H ldap://server:port/ style URI? I
think that's fine to do unconditionally, the -H schema is pretty old I think
(I seem to recall using it in the mid 2000s, when I learned to not like ldap
by experience).

The only reason I'm hesitating a bit is that f0e60ee4bc0, the commit adding
the ldap test suite, used an ldap:// uri for the server, but then 27cd521e6e7
(adding the ldapsearch) didn't use that for the ldapsearch? Thomas?

So, does anybody see a reason not to go for the trivial

diff --git i/src/test/ldap/t/001_auth.pl w/src/test/ldap/t/001_auth.pl
index f670bc5e0d5..a025a641b02 100644
--- i/src/test/ldap/t/001_auth.pl
+++ w/src/test/ldap/t/001_auth.pl
@@ -130,8 +130,8 @@ while (1)
     last
       if (
         system_log(
-            "ldapsearch", "-h", $ldap_server, "-p",
-            $ldap_port,   "-s", "base",       "-b",
+            "ldapsearch", "-H", "$ldap_url",  "-s",
+            "base",       "-b",
             $ldap_basedn, "-D", $ldap_rootdn, "-y",
             $ldap_pwfile, "-n", "'objectclass=*'") == 0);
     die "cannot connect to slapd" if ++$retries >= 300;


Although I'm mildly tempted to rewrap the parameters, it's kinda odd how the
trailing parameter on one line, has its value on the next line.

Greetings,

Andres Freund



pgsql-hackers by date:

Previous
From: Kenaniah Cerny
Date:
Subject: Proposal: allow database-specific role memberships
Next
From: Peter Geoghegan
Date:
Subject: Re: GIN pending list cleanup during autoanalyze blocks cleanup by VACUUM