Re: [HACKERS] More flexible LDAP auth search filters?

On 17/07/17 00:14, Stephen Frost wrote: >> If it helps, we normally recommend that clients use ldaps for both AD >> and UNIX environments, although this can be trickier from an >> administrative perspective in AD environments because it can require >> changes to the Windows firewall and

Re: [HACKERS] segfault in HEAD when too many nested functions call

On Sat, Jul 15, 2017 at 11:22:37AM -0400, Tom Lane wrote: > Julien Rouhaud writes: > > Since b8d7f053c5c2bf2a7e8734fe3327f6a8bc711755 (Andres in Cc), if you > > write queries which result in infinite recursion (or just too many > > nested function calls), execution ends

Re: [HACKERS] More flexible LDAP auth search filters?

Magnus, * Magnus Hagander (mag...@hagander.net) wrote: > On Sun, Jul 16, 2017 at 11:05 PM, Stephen Frost wrote: > > I'd suggest that we try to understand why Kerberos couldn't be used in > > that environment. I suspect in at least some cases what users would > > like is the

Re: [HACKERS] More flexible LDAP auth search filters?

Mark, * Mark Cave-Ayland (mark.cave-ayl...@ilande.co.uk) wrote: > On 16/07/17 23:26, Thomas Munro wrote: > > Thank you very much for this feedback and example, which I used in the > > documentation in the patch. I see similar examples in the > > documentation for other things on the web. > > >

Re: [HACKERS] More flexible LDAP auth search filters?

On Mon, Jul 17, 2017 at 10:26 AM, Thomas Munro wrote: > ldap-search-filters-v2.patch Gah, it would help if I could spell "occurrences" correctly. Fixed in the attached. -- Thomas Munro http://www.enterprisedb.com ldap-search-filters-v3.patch Description:

Re: [HACKERS] More flexible LDAP auth search filters?

On 16/07/17 23:26, Thomas Munro wrote: > Thank you very much for this feedback and example, which I used in the > documentation in the patch. I see similar examples in the > documentation for other things on the web. > > I'll leave it up to Magnus and Stephen to duke it out over whether we >

Re: [HACKERS] More flexible LDAP auth search filters?

On Mon, Jul 17, 2017 at 5:58 AM, Mark Cave-Ayland wrote: >> Any other views from LDAP-users? > > I've spent quite a bit of time integrating various bits of > non-PostgreSQL software to LDAP and in my experience option 3 tends to > be the standard. > > Generally you

Re: [HACKERS] More flexible LDAP auth search filters?

On Sun, Jul 16, 2017 at 11:05 PM, Stephen Frost wrote: > Magnus, all, > > * Magnus Hagander (mag...@hagander.net) wrote: > > (FWIW, a workaround I've applied more than once to this in AD > environments > > (where kerberos for one reason or other can't be done, sorry Stephen)

Re: [HACKERS] More flexible LDAP auth search filters?

Magnus, all, * Magnus Hagander (mag...@hagander.net) wrote: > (FWIW, a workaround I've applied more than once to this in AD environments > (where kerberos for one reason or other can't be done, sorry Stephen) is to > set up a RADIUS server and use that one as a "middle man". But it would be >

Re: [HACKERS] Something for the TODO list: deprecating abstime and friends

On 15 July 2017 at 23:00, Tom Lane wrote: > While it's too late in the v10 cycle to do anything very meaningful > about this now, I am tempted to strengthen the deprecation notice's > wording from "might disappear" to "will disappear". "Will certainly disappear at some

Re: [HACKERS] More flexible LDAP auth search filters?

On 16/07/17 00:08, Thomas Munro wrote: > On Fri, Jul 14, 2017 at 11:04 PM, Magnus Hagander wrote: >> On Thu, Jul 13, 2017 at 9:31 AM, Thomas Munro >> wrote: >>> A post on planet.postgresql.org today reminded me that a colleague had >>> asked

[HACKERS] [GSOC][weekly report 6] Eliminate O(N^2) scaling from rw-conflict tracking in serializable transactions

In the last week: 1) I tried to find out what's wrong with my last patch: reducing the contention on SerializableFinishedListLock. 2) I used a skip list to replace the linked list to speedup conflict tracking. But there are still some bugs resulting in segment fault. Here is the

Re: [HACKERS] Something for the TODO list: deprecating abstime and friends

Robert Haas writes: > On Sat, Jul 15, 2017 at 6:00 PM, Tom Lane wrote: >> * contrib/spi/timetravel depends on abstime columns to represent what >> would nowadays be better done as a tstzrange. I'd have thought we >> could maybe toss that example module

Re: [HACKERS] Something for the TODO list: deprecating abstime and friends

On Sat, Jul 15, 2017 at 6:00 PM, Tom Lane wrote: > Right offhand, I don't think there is any functionality in these > types that isn't handled as well or better by timestamptz, interval, > and tstzrange respectively. And they're basically undocumented > except for a sort-of

Re: [HACKERS] More flexible LDAP auth search filters?

On Sun, Jul 16, 2017 at 1:08 AM, Thomas Munro wrote: > On Fri, Jul 14, 2017 at 11:04 PM, Magnus Hagander > wrote: > > On Thu, Jul 13, 2017 at 9:31 AM, Thomas Munro > > wrote: > >> A post on

Re: [HACKERS] Multi column range partition table

On 14 July 2017 at 06:12, Robert Haas wrote: > I agree that it's a big problem that (10, UNBOUNDED) > interpreted as a maximum value means first_column <= 10 and when > interpreted as a minimum value means first_column >= 10, because those > things aren't opposites of each

Re: [HACKERS] New partitioning - some feedback

On 16/07/17 05:24, David Fetter wrote: On Fri, Jul 14, 2017 at 09:49:25PM -0500, Robert Haas wrote: On Mon, Jul 10, 2017 at 5:46 PM, David Fetter wrote: With utmost respect, it's less messy than adding '!' to the already way too random and mysterious syntax of psql's \