Here is the same patch as v2 but with "const" removed in case you want to move forward with that change. Tested locally against the tests I wrote in the other patch to sanity check the change.

On Thu, Apr 3, 2025 at 8:42 AM Tom Lane <t...@sss.pgh.pa.us> wrote:
> Peter Eisentraut <pe...@eisentraut.org> writes:
> > Here is a slightly polished version of this patch. I added an error
> > message, and changed the return code, but it's a bit confusing which one
> > might be the right one.
>
> I'm kind of -0.5 on declaring the variable as "const", because none of
> our existing calls of ldap_set_option do that. I do see that the
> Linux man page for ldap_set_option claims that that argument can be
> const, but I think you're risking a portability gotcha for no large
> gain. LGTM otherwise.
>
> > My hunch right now is that we should probably take the patch that sets
> > the version option and consider it for backpatching. The patch with the
> > tests can be held for detailed review later.
>
> +1 for that plan.
>
> regards, tom lane
>

From 4684d5cd1bc5c5150f6435bf2be1be9f957a4429 Mon Sep 17 00:00:00 2001 From: Peter Eisentraut <pe...@eisentraut.org> Date: Thu, 3 Apr 2025 15:06:13 +0200 Subject: [PATCH] libpq: Set LDAP protocol version 3 Some LDAP servers reject the default version 2 protocol. So set version 3 before starting the connection. This matches how the backend LDAP code has worked all along. Co-authored-by: Andrew Jackson <andrewjackson...@gmail.com> Discussion: https://www.postgresql.org/message-id/flat/CAKK5BkHixcivSCA9pfd_eUp7wkLRhvQ6OtGLAYrWC%3Dk7E76LDQ%40mail.gmail.com --- src/interfaces/libpq/fe-connect.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c index ddcc7b60ab0..d9d064174de 100644 --- a/src/interfaces/libpq/fe-connect.c +++ b/src/interfaces/libpq/fe-connect.c @@ -5069,6 +5069,7 @@ ldapServiceLookup(const char *purl, PQconninfoOption *options, *entry; struct berval **values; LDAP_TIMEVAL time = {PGLDAP_TIMEOUT, 0}; + int ldapversion = LDAP_VERSION3; if ((url = strdup(purl)) == NULL) { @@ -5200,6 +5201,15 @@ ldapServiceLookup(const char *purl, PQconninfoOption *options, return 3; } + if ((rc = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &ldapversion)) != LDAP_SUCCESS) + { + libpq_append_error(errorMessage, "could not set LDAP protocol version: %s", + ldap_err2string(rc)); + free(url); + ldap_unbind(ld); + return 3; + } + /* * Perform an explicit anonymous bind. * -- 2.47.2
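
Review bot: the new ldap_set_option block in the second hunk carries no comment saying why the protocol version is forced, while the explicit anonymous bind that follows it does have one. A short comment above the `if`, noting that some servers reject the default version 2 protocol and that version 3 must be requested before the bind, would keep the reason next to the code instead of only in the commit message. The failure cleanup (free(url), ldap_unbind(ld), return 3) is consistent with the `return 3` path visible in the context just above it; since the thread says the choice of return code was unclear, it is worth confirming that 3 is the value callers expect for a failure at this stage.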