Re: support for LDAP URLs - Mailing list pgsql-hackers

From Robert Haas
Subject Re: support for LDAP URLs
Date
Msg-id CA+TgmoYnj=Es3L_0Q8+ijR4tVhvztW1fb=7C9K9gEmZWqhpwuQ@mail.gmail.com
Whole thread Raw
In response to support for LDAP URLs  (Peter Eisentraut <peter_e@gmx.net>)
Responses Re: support for LDAP URLs
Re: support for LDAP URLs
List pgsql-hackers
On Mon, Nov 12, 2012 at 10:38 PM, Peter Eisentraut <peter_e@gmx.net> wrote:
> Here is a patch to support RFC 2255 LDAP URLs in pg_hba.conf.  So,
> instead of, say
>
> host ... ldap ldapserver=ldap.example.net ldapbasedn="dc=example, dc=net" ldapsearchattribute=uid
>
> you could write
>
> host ... ldap lapurl="ldap://ldap.example.net/dc=example,dc=net?uid?sub"
>
> Apache and probably other software uses the same format, and it's easier
> to have a common format for all such configuration instead of having to
> translate the information provided by the LDAP admin into each
> software's particular configuration spellings.
>
> I'm using the OpenLDAP-provided URL parsing routine, which means this
> wouldn't be supported on Windows.  But we already support different
> authentication settings on different platforms, so this didn't seem such
> a big problem.

I think this is broadly reasonable, but I'm not sure this part is a good idea:

+#ifdef USE_LDAP
+#ifndef WIN32
+/* We use a deprecated function to keep the codepath the same as win32. */
+#define LDAP_DEPRECATED 1
+#include <ldap.h>
+#else
+#include <winldap.h>
+#endif
+#endif

Presumably if it's deprecated now, it might go away without notice,
and we shouldn't be relying on it to stick around.

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company



pgsql-hackers by date:

Previous
From: Robert Haas
Date:
Subject: Re: Dumping an Extension's Script
Next
From: Jeff Davis
Date:
Subject: Re: Enabling Checksums