On Sat, Nov 4, 2017 at 2:05 AM, Thomas Munro <thomas.mu...@enterprisedb.com> wrote: > I've only tested the attached lightly on FreeBSD + OpenLDAP and > don't know if it'll work elsewhere.
While rebasing this on top of a nearby changes, I looked into how portable it is. The previous version unconditionally used ldap_initialize() instead of ldap_init() in order to be able to pass in ldap or ldaps. According to the man pages on my system: At this time, ldap_open() and ldap_init() are deprecated in favor of ldap_initialize(), essentially because the latter allows to specify a schema in the URI and it explicitly returns an error code. But: 1. It looks like ldap_initialize() arrived in OpenLDAP 2.4 (2007), which means that it won't work with RHEL5's OpenLDAP 2.3. That's a vintage still found in the build farm. This new version of the patch has a configure test so it can fall back to ldap_init(), dropping ldaps support. That is possibly also necessary for other implementations. 2. Windows doesn't have ldap_initialize(), but it has ldap_sslinit() which adds an SSL boolean argument. I've included (but not tested) code for that. I would need a Windows + LDAP savvy person to help test that. I'm not sure if it should also do an LDAP_OPT_SSL check to see if the server forced the connection back to plaintext as shown in the Microsoft docs, or if that should be considered OK, or it should be an option. BTW, Stephen Layland posted a patch for ldaps years ago. It must have worked some other way though, because he mentions RHEL 4 and OpenLDAP 2.2/2.3. Unfortunately the patch wasn't attached and the referenced webserver has disappeared from the intertubes. I've added this to the January Commitfest.  https://msdn.microsoft.com/en-us/library/aa366996(v=vs.85).aspx  https://msdn.microsoft.com/en-us/library/aa366105(v=vs.85).aspx  https://www.postgresql.org/message-id/20080426010240.gs5...@68k.org -- Thomas Munro http://www.enterprisedb.com
Description: Binary data
-- Sent via pgsql-hackers mailing list (email@example.com) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers