Thread: LDAP auth
This patch adds native LDAP auth, for those platforms that don't have PAM (such as Win32, but also unixen without PAM). On Unix, uses OpenLDAP. On win32, uses the builtin WinLDAP library.
//Magnus
Attachment
Awhile back, "Magnus Hagander" <mha@sollentuna.net> wrote:
> This patch adds native LDAP auth, for those platforms that don't have
> PAM (such as Win32, but also unixen without PAM). On Unix, uses
> OpenLDAP. On win32, uses the builtin WinLDAP library.

Is this patch still live, or do you want to withdraw it in light of the recent discussions about using libcurl?

regards, tom lane
> Awhile back, "Magnus Hagander" <mha@sollentuna.net> wrote:
> > This patch adds native LDAP auth, for those platforms that don't have
> > PAM (such as Win32, but also unixen without PAM). On Unix, uses
> > OpenLDAP. On win32, uses the builtin WinLDAP library.
>
> Is this patch still live, or do you want to withdraw it in
> light of the recent discussions about using libcurl?

I'm unsure whether libcurl does what we'd need, but I haven't looked into the details (I did a very quick check on the web, but was unable to quickly find what I was looking for). Specifically, we want to just do an LDAP bind and not actually fetch anything. Though I guess we could fetch the base DN without taking a lot of performance...

Also, I'm unsure if they'll run with winldap on windows or add an extra library dependence on openldap (which will cause problems when using ldaps in windows, since you need a completely separate set of certificates and stuff imported into openldap instead of using what Windows already set up for you). Their FAQ says they require openldap, but a quick google shows maybe they don't.

Was there ever a decision in "the libcurl thread"? If we're going to pull in libcurl as a dependency anyway, it would definitely be worthwhile checking if we can use it here as well, if nothing else then just to get rid of the configure steps. But if we don't use it elsewhere, I don't see any reason to add an extra dependency.

//Magnus
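What "just do an LDAP bind and not actually fetch anything" amounts to on the wire, as an added example that is not part of the original thread or of the patch: it encodes an LDAPv3 simple BindRequest and reads the result code from the BindResponse, with no search operation. The function names are hypothetical, and the DN, password and response bytes are constructed samples.

```c
#include <stdio.h>
#include <string.h>

/* Build an LDAPv3 simple BindRequest (RFC 4511, section 4.2) into out.
 * Returns the encoded length, or -1 if the request is refused locally.
 * Short-form BER lengths only: the message body must stay under 128 bytes. */
int build_simple_bind(int msgid, const char *dn, const char *pw,
                      unsigned char *out, size_t cap)
{
    size_t dl = strlen(dn), pl = strlen(pw);
    /* An empty password turns this into an "unauthenticated bind"
     * (RFC 4513, section 5.1.2) that a server may accept: never send it. */
    if (dl == 0 || pl == 0) return -1;
    size_t op = 3 + 2 + dl + 2 + pl;   /* version + name + simple password */
    size_t body = 3 + 2 + op;          /* messageID + protocolOp */
    if (msgid < 1 || msgid > 127 || body > 127 || body + 2 > cap) return -1;
    unsigned char *p = out;
    *p++ = 0x30; *p++ = (unsigned char)body;   /* LDAPMessage SEQUENCE */
    *p++ = 0x02; *p++ = 1; *p++ = (unsigned char)msgid;
    *p++ = 0x60; *p++ = (unsigned char)op;     /* [APPLICATION 0] BindRequest */
    *p++ = 0x02; *p++ = 1; *p++ = 3;           /* protocol version 3 */
    *p++ = 0x04; *p++ = (unsigned char)dl; memcpy(p, dn, dl); p += dl;
    *p++ = 0x80; *p++ = (unsigned char)pl; memcpy(p, pw, pl); p += pl;
    return (int)(p - out);
}

/* Return the BindResponse resultCode (0 = success, 49 = invalidCredentials),
 * or -1 if b is not a well-formed short-form BindResponse for msgid. */
int bind_result(const unsigned char *b, size_t n, int msgid)
{
    if (n < 10 || b[0] != 0x30 || (size_t)b[1] + 2 != n) return -1;
    if (b[2] != 0x02 || b[3] != 1 || b[4] != msgid) return -1;
    if (b[5] != 0x61 || (size_t)b[6] + 7 != n) return -1; /* [APPLICATION 1] */
    if (b[7] != 0x0a || b[8] != 1) return -1;             /* ENUMERATED */
    return b[9];
}

/* Constructed server replies: resultCode, empty matchedDN, empty message. */
static const unsigned char RESP_OK[]  = {0x30,0x0c,0x02,0x01,0x01,0x61,0x07,0x0a,0x01,0x00,0x04,0x00,0x04,0x00};
static const unsigned char RESP_BAD[] = {0x30,0x0c,0x02,0x01,0x01,0x61,0x07,0x0a,0x01,0x31,0x04,0x00,0x04,0x00};

int main(void)
{
    unsigned char req[128];
    int n = build_simple_bind(1, "uid=alice,dc=example,dc=org", "s3cret", req, sizeof req);
    printf("request bytes: %d\n", n);
    printf("good password -> resultCode %d\n", bind_result(RESP_OK, sizeof RESP_OK, 1));
    printf("bad password  -> resultCode %d\n", bind_result(RESP_BAD, sizeof RESP_BAD, 1));
    return 0;
}
```

Only a resultCode of 0 should count as a successful login; any other value, or a malformed reply, is a failure.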
"Magnus Hagander" <mha@sollentuna.net> writes:
> Was there ever a decision in "the libcurl thread"?

No, not yet. Personally I'm unconvinced that we should depend on libcurl: if it's going to use openldap to do LDAP work, then the only good reason to use libcurl rather than openldap directly is if there's some clear use-case for libcurl's other features. Which no one had presented AFAIR. I'm still willing to be convinced though.

regards, tom lane
Magnus Hagander wrote:
> > Awhile back, "Magnus Hagander" <mha@sollentuna.net> wrote:
> > > This patch adds native LDAP auth, for those platforms that don't have
> > > PAM (such as Win32, but also unixen without PAM). On Unix, uses
> > > OpenLDAP. On win32, uses the builtin WinLDAP library.
> >
> > Is this patch still live, or do you want to withdraw it in
> > light of the recent discussions about using libcurl?
>
> I'm unsure whether libcurl does what we'd need, but I haven't looked into the details (I did a very quick check on the web, but was unable to quickly find what I was looking for). Specifically, we want to just do an LDAP bind and not actually fetch anything. Though I guess we could fetch the base DN without taking a lot of performance...
>
> Also, I'm unsure if they'll run with winldap on windows or add an extra library dependence on openldap (which will cause problems when using ldaps in windows, since you need a completely separate set of certificates and stuff imported into openldap instead of using what Windows already set up for you). Their FAQ says they require openldap, but a quick google shows maybe they don't.
>
> Was there ever a decision in "the libcurl thread"? If we're going to pull in libcurl as a dependency anyway, it would definitely be worthwhile checking if we can use it here as well, if nothing else then just to get rid of the configure steps. But if we don't use it elsewhere, I don't see any reason to add an extra dependency.
I suggested libcurl in another context, and not so much as a means of getting at LDAP data as a means of getting config data from non-LDAP as well as LDAP sources. If all we want is LDAP then using libcurl would indeed be introducing an unnecessary dependency.
In this context, though, its use seems a bit odd.
cheers
andrew
Andrew Dunstan wrote:
> I suggested libcurl in another context, and not so much as a means of
> getting at LDAP data as a means of getting config data from non-LDAP as
> well as LDAP sources. If all we want is LDAP then using libcurl would
> indeed be introducing an unnecessary dependency.
>
> In this context, though, its use seems a bit odd.

Right, that's what I remember, the curl can _also_ be used to distribute authentication data, but of course LDAP is more standard.

--
  Bruce Momjian   http://candle.pha.pa.us
  SRA OSS, Inc.   http://www.sraoss.com
  + If your life is a hard drive, Christ can be your backup. +
> Andrew Dunstan wrote:
> > I suggested libcurl in another context, and not so much as a means of
> > getting at LDAP data as a means of getting config data from non-LDAP
> > as well as LDAP sources. If all we want is LDAP then using libcurl
> > would indeed be introducing an unnecessary dependency.
> >
> > In this context, though, its use seems a bit odd.
>
> Right, that's what I remember, the curl can _also_ be used to
> distribute authentication data, but of course LDAP is more standard.

Um. LDAP is a protocol, curl is a library. I assume you mean OpenLDAP, though. And yes, OpenLDAP is way more common than libcurl for getting LDAP data. And since libcurl depends on openldap, there's really no point in doing it unless you're going to use the *other* features of libcurl as well.

//Magnus
Patch applied. Thanks.

---------------------------------------------------------------------------

Magnus Hagander wrote:
> This patch adds native LDAP auth, for those platforms that don't have
> PAM (such as Win32, but also unixen without PAM). On Unix, uses
> OpenLDAP. On win32, uses the builtin WinLDAP library.
>
> //Magnus

Content-Description: ldap_auth.patch
[ Attachment, skipping... ]

Content-Description: ldap_doc.patch
[ Attachment, skipping... ]

--
  Bruce Momjian   http://candle.pha.pa.us
  SRA OSS, Inc.   http://www.sraoss.com