Added to TODO:
* Improve LDAP authentication configuration options
http://archives.postgresql.org/pgsql-hackers/2008-04/msg01745.php
---
steve layland wrote:
Thank you all for your
Tom Lane wrote:
stephen layland [EMAIL PROTECTED] writes:
I've written a quick patch against the head branch (8.4DEV, but it also
works with 8.1.3 sources) to fix LDAP authentication support to
work with LDAPS servers that do not need start TLS. I'd be interested
to hear your opinions on
Tom Lane wrote:
I think a better idea is to embed the flag in the pg_hba.conf entry
itself. Perhaps something like ldapso: instead of ldaps: to
indicate old secure ldap protocol, or include another parameter
in the URL body.
FWIW, I'm working on a proposal to change how pg_hba.conf deals
Andreas Pflug wrote:
With ldaps on port 636 STARTTLS should NEVER be issued, so the
protocol identifier ldaps should be sufficient as a "do not issue
STARTTLS" flag. IMHO the current pg_hba.conf implementation doesn't
follow the usual nomenclature; ldap with TLS is still ldap. Using
ldaps as
Thank you all for your comments. I was unaware the ldaps: scheme was
not supposed to be used for LDAP+TLS encryption, but it makes sense now
that you mention it.
There's a nice discussion about how the folks working on mod_ldap for
Apache worked this out way back in 2005:
stephen layland [EMAIL PROTECTED] writes:
I've written a quick patch against the head branch (8.4DEV, but it also
works with 8.1.3 sources) to fix LDAP authentication support to
work with LDAPS servers that do not need start TLS. I'd be interested
to hear your opinions on this.
Not being an
Hey Postgres Hackers,
this is my first time here, so... hi!
I've written a quick patch against the head branch (8.4DEV, but it also
works with 8.1.3 sources) to fix LDAP authentication support to
work with LDAPS servers that do not need start TLS. I'd be interested
to hear your opinions on
On Sat, Apr 26, 2008 at 11:02 AM, stephen layland wrote:
I've written a quick patch against the head branch (8.4DEV, but it also
works with 8.1.3 sources) to fix LDAP authentication support to
work with LDAPS servers that do not need start TLS.