Re: [HACKERS] Proposed Patch - LDAPS support for servers on port 636 w/o TLS

2008-06-25 Thread Bruce Momjian
Added to TODO: * Improve LDAP authentication configuration options http://archives.postgresql.org/pgsql-hackers/2008-04/msg01745.php --- steve layland wrote: Thank you all for your

Re: [HACKERS] Proposed Patch - LDAPS support for servers on port 636 w/o TLS

2008-05-05 Thread Andreas Pflug
Tom Lane wrote: stephen layland [EMAIL PROTECTED] writes: I've written a quick patch against the head branch (8.4DEV, but it also works with 8.1.3 sources) to fix LDAP authentication support to work with LDAPS servers that do not need start TLS. I'd be interested to hear your opinions on

Re: [HACKERS] Proposed Patch - LDAPS support for servers on port 636 w/o TLS

2008-05-05 Thread Magnus Hagander
Tom Lane wrote: I think a better idea is to embed the flag in the pg_hba.conf entry itself. Perhaps something like ldapso: instead of ldaps: to indicate old secure ldap protocol, or include another parameter in the URL body. FWIW, I'm working on a proposal to change how pg_hba.conf deals

Re: [HACKERS] Proposed Patch - LDAPS support for servers on port 636 w/o TLS

2008-05-05 Thread David Boreham
Andreas Pflug wrote: With ldaps on port 636 STARTTLS should NEVER be issued, so the protocol identifier ldaps should be sufficient as "do not issue STARTTLS" flag. IMHO the current pg_hba.conf implementation doesn't follow the usual nomenclature; ldap with TLS is still ldap. Using ldaps as

Re: [HACKERS] Proposed Patch - LDAPS support for servers on port 636 w/o TLS

2008-05-05 Thread steve layland
Thank you all for your comments. I was unaware the ldaps: scheme was not supposed to be used for LDAP+TLS encryption, but it makes sense now that you mention it. There's a nice discussion about how the folks working on mod_ldap for Apache worked this out way back in 2005:

Re: [HACKERS] Proposed Patch - LDAPS support for servers on port 636 w/o TLS

2008-05-04 Thread Tom Lane
stephen layland [EMAIL PROTECTED] writes: I've written a quick patch against the head branch (8.4DEV, but it also works with 8.1.3 sources) to fix LDAP authentication support to work with LDAPS servers that do not need start TLS. I'd be interested to hear your opinions on this. Not being an

[HACKERS] Proposed Patch - LDAPS support for servers on port 636 w/o TLS

2008-04-25 Thread stephen layland
Hey Postgres Hackers, this is my first time here, so... hi! I've written a quick patch against the head branch (8.4DEV, but it also works with 8.1.3 sources) to fix LDAP authentication support to work with LDAPS servers that do not need start TLS. I'd be interested to hear your opinions on

Re: [HACKERS] Proposed Patch - LDAPS support for servers on port 636 w/o TLS

2008-04-25 Thread Brendan Jurd
On Sat, Apr 26, 2008 at 11:02 AM, stephen layland wrote: I've written a quick patch against the head branch (8.4DEV, but it also works with 8.1.3 sources) to fix LDAP authentication support to work with LDAPS servers that do not need start TLS.