From c2907c0c30c8d9d8118f3f4ad56d4132533518f5 Mon Sep 17 00:00:00 2001
From: Thomas Munro <thomas.munro@enterprisedb.com>
Date: Thu, 4 Jan 2018 09:25:32 +1300
Subject: [PATCH] Define LDAPS_PORT if it's missing and disable implicit LDAPS
 on Windows.

Some versions of Windows don't define LDAPS_PORT.

Also, Windows' ldap_sslinit() is documented to use LDAPS even if you said
secure=0 when the port number happens to be 636 or 3269.  Let's avoid using
the port number to imply that you want LDAPS, so that connection strings have
the same meaning on Windows and Unix.

Author: Thomas Munro
Discussion: https://postgr.es/m/CAEepm%3D23B7GV4AUz3MYH1TKpTv030VHxD2Sn%2BLYWDv8d-qWxww%40mail.gmail.com
---
 src/backend/libpq/auth.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 3560edc33a0..f327f7bb1bf 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -2363,9 +2363,10 @@ InitializeLDAPConnection(Port *port, LDAP **ldap)
 	if (scheme == NULL)
 		scheme = "ldap";
 #ifdef WIN32
-	*ldap = ldap_sslinit(port->hba->ldapserver,
-						 port->hba->ldapport,
-						 strcmp(scheme, "ldaps") == 0);
+	if (strcmp(scheme, "ldaps") == 0)
+		*ldap = ldap_sslinit(port->hba->ldapserver, port->hba->ldapport, 1);
+	else
+		*ldap = ldap_init(port->hba->ldapserver, port->hba->ldapport);
 	if (!*ldap)
 	{
 		ereport(LOG,
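Review bot: The new `else` branch calls `ldap_init()` without a comment saying why `ldap_sslinit(..., 0)` is avoided; the reason (Windows' documented switch to LDAPS on ports 636 and 3269 even when secure is 0) is given only in the commit message. I would add above the `if`: `/* ldap_sslinit() implies LDAPS on ports 636/3269 even with secure=0; call it only for an explicit "ldaps" scheme. */`. Existing Windows configurations that relied on the port number alone to get TLS will presumably now attempt an unencrypted session, and a simple bind may put credentials on the wire in the clear before the server rejects it. That behaviour change deserves a release-note entry telling administrators to set `ldapscheme=ldaps` explicitly. InitializeLDAPConnection's body starts and ends outside the hunk.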
@@ -2489,6 +2490,11 @@ InitializeLDAPConnection(Port *port, LDAP **ldap)
 #define LDAP_NO_ATTRS "1.1"
 #endif
 
+/* Not all LDAP implementations define this. */
+#ifndef LDAPS_PORT
+#define LDAPS_PORT 636
+#endif
+
 /*
  * Return a newly allocated C string copied from "pattern" with all
  * occurrences of the placeholder "$username" replaced with "user_name".
-- 
2.15.0

