On Mon, Nov 12, 2012 at 10:38 PM, Peter Eisentraut <peter_e@gmx.net> wrote:
> Here is a patch to support RFC 2255 LDAP URLs in pg_hba.conf. So,
> instead of, say
>
> host ... ldap ldapserver=ldap.example.net ldapbasedn="dc=example, dc=net" ldapsearchattribute=uid
>
> you could write
>
> host ... ldap lapurl="ldap://ldap.example.net/dc=example,dc=net?uid?sub"
>
> Apache and probably other software uses the same format, and it's easier
> to have a common format for all such configuration instead of having to
> translate the information provided by the LDAP admin into each
> software's particular configuration spellings.
>
> I'm using the OpenLDAP-provided URL parsing routine, which means this
> wouldn't be supported on Windows. But we already support different
> authentication settings on different platforms, so this didn't seem such
> a big problem.
I think this is broadly reasonable, but I'm not sure this part is a good idea:
+#ifdef USE_LDAP
+#ifndef WIN32
+/* We use a deprecated function to keep the codepath the same as win32. */
+#define LDAP_DEPRECATED 1
+#include <ldap.h>
+#else
+#include <winldap.h>
+#endif
+#endif
Presumably if it's deprecated now, it might go away without notice,
and we shouldn't be relying on it to stick around.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
