On Mon, Oct 21, 2013 at 3:31 PM, Albe Laurenz laurenz.a...@wien.gv.atwrote:
Peter Eisentraut wrote:
--- 3511,3534
}
/*
! * Perform an explicit anonymous bind.
! * This is not necessary in principle, but we want to set a timeout
! * of PGLDAP_TIMEOUT
On 1/31/14, 6:32 PM, Bruce Momjian wrote:
On Mon, Oct 21, 2013 at 01:31:26PM +, Albe Laurenz wrote:
Bind attempts to an LDAP server should time out after two seconds,
allowing additional lines in the service control file to be parsed
(which provide a fall back to a secondary LDAP server or
On Mon, Oct 21, 2013 at 01:31:26PM +, Albe Laurenz wrote:
Bind attempts to an LDAP server should time out after two seconds,
allowing additional lines in the service control file to be parsed
(which provide a fall back to a secondary LDAP server or default options).
The existing code
Peter Eisentraut wrote:
--- 3511,3534
}
/*
! * Perform an explicit anonymous bind.
! * This is not necessary in principle, but we want to set a timeout
! * of PGLDAP_TIMEOUT seconds and return 2 if the connection fails.
! * Unfortunately there is no standard
Peter Eisentraut wrote:
[good suggestions for improvement]
I'll send an updated patch on Monday.
Yours,
Laurenz Albe
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
On Tue, 2013-09-24 at 15:07 +, Albe Laurenz wrote:
--- 3511,3534
}
/*
! * Perform an explicit anonymous bind.
! * This is not necessary in principle, but we want to set a timeout
! * of PGLDAP_TIMEOUT seconds and return 2 if the connection fails.
!
Abhijit Menon-Sen wrote:
I read through the patch, and it looks sensible.
Thanks for the thorough review!
I would have preferred the ldap_simple_bind_s() call in the HAVE_LIBLDAP
branch to not be inside an else {} (the if block above returns if there
is an error anyway), but that's a minor
At 2013-08-19 11:47:36 +, laurenz.a...@wien.gv.at wrote:
To repeat: this fixes a bug in LDAP connection parameter lookup
Hi.
I read through the patch, and it looks sensible.
I would have preferred the ldap_simple_bind_s() call in the HAVE_LIBLDAP
branch to not be inside an else {} (the if
Magnus Hagander wrote:
The patch should still be good, but if we keep the deprecated
OpenLDAP API, it might be more consistent to use ldap_simple_bind_s
instead of ldap_sasl_bind_s.
If you agree, I'll change that.
Sorry, you got this one in just as my vacation started.
Yes, I agree with
On Tue, Jul 23, 2013 at 11:53 AM, Albe Laurenz laurenz.a...@wien.gv.at wrote:
Magnus Hagander wrote:
In that case, doesn't this patch break Windows? We no longer do the
anonymous bind on Windows, since it's now in the #ifdef HAVE_LIBLDAP.
Don't we need to keep the ldap_simple_bind() call in
Magnus Hagander wrote:
In that case, doesn't this patch break Windows? We no longer do the
anonymous bind on Windows, since it's now in the #ifdef HAVE_LIBLDAP.
Don't we need to keep the ldap_simple_bind() call in the Windows case,
or break it up so the call to ldap_sasl_bind_s() is moved
On Mon, Jul 1, 2013 at 4:18 PM, Albe Laurenz laurenz.a...@wien.gv.at wrote:
Peter Eisentraut wrote:
Btw., I just checked the source code of Apache, PHP, and PAM, and they
are all unconditionally building with LDAP_DEPRECATED. So maybe there
is no hurry about this.
I don't think that the old
On Mon, Jul 1, 2013 at 4:16 PM, Albe Laurenz laurenz.a...@wien.gv.at wrote:
Magnus Hagander wrote:
On Tue, Feb 5, 2013 at 10:39 AM, Albe Laurenz laurenz.a...@wien.gv.at
wrote:
I found a small bug in the implementation of LDAP connection
parameter lookup.
[...]
As coded now, the timeout
On Tue, Feb 5, 2013 at 10:39 AM, Albe Laurenz laurenz.a...@wien.gv.at wrote:
I found a small bug in the implementation of LDAP connection
parameter lookup.
As documented in
http://www.postgresql.org/docs/current/static/libpq-ldap.html
processing should continue after a failed attempt
to
On 7/1/13 7:58 AM, Magnus Hagander wrote:
I also tried to fix the problem mentioned in
http://www.postgresql.org/message-id/CA+TgmoYnj=Es3L_0Q8+ijR4tVhvztW1fb=7c9k9gemzwqhp...@mail.gmail.com
that we use deprecated OpenLDAP functions, see the attached
ldap-undeprecate.patch.
I added a
Magnus Hagander wrote:
On Tue, Feb 5, 2013 at 10:39 AM, Albe Laurenz laurenz.a...@wien.gv.at wrote:
I found a small bug in the implementation of LDAP connection
parameter lookup.
[...]
As coded now, the timeout won't work - if the LDAP server
is down, ldap_simple_bind will wait for the
Peter Eisentraut wrote:
Btw., I just checked the source code of Apache, PHP, and PAM, and they
are all unconditionally building with LDAP_DEPRECATED. So maybe there
is no hurry about this.
I don't think that the old API functions will go away until there
is a new standard for the LDAP C API,
On Tue, Feb 5, 2013 at 4:39 AM, Albe Laurenz laurenz.a...@wien.gv.at wrote:
I guess it's too late for something like that to go into 9.3.
Should I add it to the next commitfest?
Bug fixes can go in pretty much whenever, but adding it to the next
CommitFest is a good way of backstopping it
I found a small bug in the implementation of LDAP connection
parameter lookup.
As documented in
http://www.postgresql.org/docs/current/static/libpq-ldap.html
processing should continue after a failed attempt
to connect to an LDAP server.
The code in src/interfaces/libpq/fe-connect.c defines a
19 matches
Mail list logo