Thread: Re: [PATCHES] LDAP auth
>> I'm almost done with implementing a patch that recognizes >> LDAP URLs in pg_services.conf and queries an LDAP server for >> a connection option string. >> >> Currently I'm coding against libldap [...] > > If you haven't already, look at the ldap auth patch in the queue for > some win32 specific issues - we do not want to rely on OpenLDAP on > windows, since there is a builtin version that's almost the > same (close enough). Thank you for drawing my attention to that, I wasn't aware of it. I'll definitely try to use the native winldap interface and try to make my patch as compatible to yours as possible (configure --with-ldap). If your patch is accepted and a dependency on OpenLDAP is introduced, my patch will provide an additional gain with no additional cost. Yours, Laurenz Albe
"Albe Laurenz" <all@adv.magwien.gv.at> writes: > If your patch is accepted and a dependency on OpenLDAP is introduced, > my patch will provide an additional gain with no additional cost. Out of curiosity what would an SQL database want with ldap anyways? Is it just a set of bindings for ldap functions for applications? -- greg
Greg Stark wrote: >"Albe Laurenz" <all@adv.magwien.gv.at> writes: > > > >>If your patch is accepted and a dependency on OpenLDAP is introduced, >>my patch will provide an additional gain with no additional cost. >> >> > >Out of curiosity what would an SQL database want with ldap anyways? > > > Single Sign On is the obvious answer. I find it hard to imagine LDAP being sensibly use for any other postgres purpose than authentication, despite recent flights of fancy on the list about storing large slabs of config data there. cheersw andrew
On Mon, Mar 06, 2006 at 15:00:07 -0500, Andrew Dunstan <andrew@dunslane.net> wrote: > > I find it hard to imagine LDAP being sensibly use for any other postgres > purpose than authentication, despite recent flights of fancy on the list > about storing large slabs of config data there. It can also make sense to get authorization information from LDAP.
Bruno Wolff III wrote: >On Mon, Mar 06, 2006 at 15:00:07 -0500, > Andrew Dunstan <andrew@dunslane.net> wrote: > > >>I find it hard to imagine LDAP being sensibly use for any other postgres >>purpose than authentication, despite recent flights of fancy on the list >>about storing large slabs of config data there. >> >> > >It can also make sense to get authorization information from LDAP. > > > Yes, that's true. But I can imagine putting a shared config setup on a web server, or an ftp server, or a tftp server, a good deal more easily than putting it in LDAP. cheers andrew