Apologies, forgot to attach the patch in the prior email.

On Sat, Mar 22, 2025 at 4:10 PM Andrew Jackson <andrewjackson...@gmail.com> wrote:
> Currently the LDAP usage in fe-connect.c does not explicitly set the
> protocol version to v3. This causes issues with many LDAP servers as they
> will often require clients to use the v3 protocol and disallow any use of
> the v2 protocol. Further the other usage of LDAP in postgres (in
> `backend/libpq/auth.c`) uses the v3 protocol.
>
> This patch changes fe-connect.c so that it uses the v3 protocol similar to
> `backend/libpq/auth.c`.
>
> One further note is that I do not currently see any test coverage over the
> LDAP functionality in `fe-connect.c`. I am happy to add that to this patch
> if needed.
>
From f93256a5f80bde1d5de79941bd7313a014085f2b Mon Sep 17 00:00:00 2001 From: CommanderKeynes <andrewjackson...@gmail.coma> Date: Sat, 22 Mar 2025 15:34:42 -0500 Subject: [PATCH v1] Set version 3 protocol --- src/interfaces/libpq/fe-connect.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c index d5051f5e820..40d7d176cf0 100644 --- a/src/interfaces/libpq/fe-connect.c +++ b/src/interfaces/libpq/fe-connect.c @@ -5413,6 +5413,7 @@ ldapServiceLookup(const char *purl, PQconninfoOption *options, *entry; struct berval **values; LDAP_TIMEVAL time = {PGLDAP_TIMEOUT, 0}; + int ldapversion = LDAP_VERSION3; if ((url = strdup(purl)) == NULL) { @@ -5544,6 +5545,13 @@ ldapServiceLookup(const char *purl, PQconninfoOption *options, return 3; } + if ((ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &ldapversion)) != LDAP_SUCCESS) + { + free(url); + ldap_unbind(ld); + return 2; + } + /* * Perform an explicit anonymous bind. * -- 2.47.2
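
Review bot: In the second hunk, the new `ldap_set_option` failure path frees `url`, unbinds and returns 2 without reporting anything, while the error path directly above it in the context returns 3. A user whose lookup fails here cannot tell that setting the protocol version was the step that failed. Please say in a comment which return code is intended on this path and why, and report the LDAP error before returning (the return value of `ldap_set_option` can be passed to `ldap_err2string` for the text). A short comment above the call explaining that v3 is requested to match `backend/libpq/auth.c` would also help, and the extra parentheses around the `ldap_set_option(...)` call can be dropped. Since the cover note says this code has no test coverage, a test that exercises the lookup against a server that accepts only v3 would make the fix verifiable.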