On 02 Feb 2019, at 01:57, Thomas Munro <thomas.mu...@enterprisedb.com> wrote:
> On Sat, Feb 2, 2019 at 9:25 AM Graham Leggett <minf...@sharp.fm> wrote: >> On 25 Sep 2018, at 04:09, Thomas Munro <thomas.mu...@enterprisedb.com> wrote: >>> Some people like to use DNS SRV records to advertise LDAP servers on >>> their network. Microsoft Active Directory is usually (always?) set up >>> that way. Here is a patch to allow our LDAP auth module to support >>> that kind of discovery. >> >> Does this support SSL/TLS? > > I didn't try it myself but I found several claims that it works. I > see complaints that it always looks for _ldap._tcp and not _ldaps._tcp > as you might expect when using ldascheme=ldaps, but that doesn't seem > to be a big problem. As for ldaptls=1, that must work because it > doesn't even negotiate that until after the connection is made. If the LDAP server was bound to port 636, how would the client know to use a direct SSL/TLS connection and not STARTTLS? Regards, Graham —