On 9/12/17 19:04, Thomas Munro wrote:
>> Any further thoughts on the test suite? Otherwise I'll commit it as we
>> have it, for manual use.
done
> I wonder if there is a reasonable way to indicate or determine whether
> you have slapd installed so that check-world could run this test...
The
On Wed, Sep 13, 2017 at 8:04 AM, Thomas Munro
wrote:
> I wonder if there is a reasonable way to indicate or determine whether
> you have slapd installed so that check-world could run this test...
Module::Install's requires_external_bin is one:
On Wed, Sep 13, 2017 at 1:55 AM, Peter Eisentraut
wrote:
> On 9/11/17 23:58, Thomas Munro wrote:
>> Sounds good. Here it is with $username. It's nice not to have to
>> escape any characters in URLs. I suppose more keywords could be added
>> in follow-up
On 9/11/17 23:58, Thomas Munro wrote:
> Sounds good. Here it is with $username. It's nice not to have to
> escape any characters in URLs. I suppose more keywords could be added
> in follow-up patches if someone thinks that would be useful
> ($hostname, $dbname, ...?). I got sick of that buffer
On Tue, Sep 12, 2017 at 7:21 AM, Peter Eisentraut
wrote:
> On 9/8/17 13:24, Mark Cave-Ayland wrote:
>> My weapon of choice for LDAP deployments on POSIX-based systems is
>> Arthur De Jong's nss-pam-ldapd (https://arthurdejong.org/nss-pam-ldapd)
>> which is far
On 9/8/17 21:31, Thomas Munro wrote:
> +if ($^O eq 'darwin')
> +{
> + $slapd = '/usr/local/opt/openldap/libexec/slapd';
> + $ldap_schema_dir = '/usr/local/etc/openldap/schema';
> +}
>
> I'm guessing this is the MacPorts location, and someone from that
> other tribe that uses Brew can
On 9/8/17 13:24, Mark Cave-Ayland wrote:
> My weapon of choice for LDAP deployments on POSIX-based systems is
> Arthur De Jong's nss-pam-ldapd (https://arthurdejong.org/nss-pam-ldapd)
> which is far more flexible than pam_ldap and fixes a large number of
> bugs, including the tendency for pam_ldap
On Sat, Sep 9, 2017 at 3:33 AM, Peter Eisentraut
wrote:
> A couple of comments on this patch. I have attached a "fixup" patch on
> top of your v4 that should address them.
>
> - I think the bracketing of the LDAP URL synopsis is wrong.
+1
> - I have dropped
On Sat, Sep 9, 2017 at 3:36 AM, Peter Eisentraut
wrote:
> For additional entertainment I have written a test suite for this LDAP
> authentication functionality. It's not quite robust enough to be run by
> default, because it needs a full OpenLDAP installation,
On 08/09/17 16:33, Peter Eisentraut wrote:
> A couple of comments on this patch. I have attached a "fixup" patch on
> top of your v4 that should address them.
>
> - I think the bracketing of the LDAP URL synopsis is wrong.
>
> - I have dropped the sentence that LDAP URL extensions are not
>
For additional entertainment I have written a test suite for this LDAP
authentication functionality. It's not quite robust enough to be run by
default, because it needs a full OpenLDAP installation, but it's been
very helpful for reviewing this patch. Here it is.
--
Peter Eisentraut
A couple of comments on this patch. I have attached a "fixup" patch on
top of your v4 that should address them.
- I think the bracketing of the LDAP URL synopsis is wrong.
- I have dropped the sentence that LDAP URL extensions are not
supported. That sentence was written mainly to point out
On 01/08/17 23:17, Thomas Munro wrote:
> On Wed, Aug 2, 2017 at 5:36 AM, Peter Eisentraut
> wrote:
>> On 7/16/17 19:09, Thomas Munro wrote:
>>> On Mon, Jul 17, 2017 at 10:26 AM, Thomas Munro
>>> wrote:
On Wed, Aug 2, 2017 at 5:36 AM, Peter Eisentraut
wrote:
> On 7/16/17 19:09, Thomas Munro wrote:
>> On Mon, Jul 17, 2017 at 10:26 AM, Thomas Munro
>> wrote:
>>> ldap-search-filters-v2.patch
>>
>> Gah, it would help if I could spell
On 7/16/17 19:09, Thomas Munro wrote:
> On Mon, Jul 17, 2017 at 10:26 AM, Thomas Munro
> wrote:
>> ldap-search-filters-v2.patch
>
> Gah, it would help if I could spell "occurrences" correctly. Fixed in
> the attached.
Please also add the corresponding support for
On Sun, Jul 16, 2017 at 7:23 PM, Stephen Frost wrote:
>> Refusing to improve LDAP for the users who have no choice seems like a very
>> unfriendly thing to do.
>
> I'm fine with improving LDAP in general, but, as I tried to point out,
> having a way to make it easier to
On 17/07/17 18:08, Magnus Hagander wrote:
> On Mon, Jul 17, 2017 at 6:47 PM, Mark Cave-Ayland
> >
> wrote:
> Great to hear from you! It has definitely been a while...
>
> Indeed. You should spend more time on these lists
On Mon, Jul 17, 2017 at 6:47 PM, Mark Cave-Ayland <
mark.cave-ayl...@ilande.co.uk> wrote:
> On 17/07/17 13:09, Magnus Hagander wrote:
>
> Hi Magnus,
>
> Great to hear from you! It has definitely been a while...
>
Indeed. You should spend more time on these lists :P
>
> > Generally you
On 17/07/17 13:09, Magnus Hagander wrote:
Hi Magnus,
Great to hear from you! It has definitely been a while...
> Generally you find that you will be given the option to set the
> attribute for the default search filter of the form
> "(attribute=username)" which defaults to uid for
On Mon, Jul 17, 2017 at 1:23 AM, Stephen Frost wrote:
>
> * Magnus Hagander (mag...@hagander.net) wrote:
> > On Sun, Jul 16, 2017 at 11:05 PM, Stephen Frost
> wrote:
> > > I'd suggest that we try to understand why Kerberos couldn't be used in
> > > that
On Sun, Jul 16, 2017 at 7:58 PM, Mark Cave-Ayland <
mark.cave-ayl...@ilande.co.uk> wrote:
> On 16/07/17 00:08, Thomas Munro wrote:
>
> > On Fri, Jul 14, 2017 at 11:04 PM, Magnus Hagander
> wrote:
> >> On Thu, Jul 13, 2017 at 9:31 AM, Thomas Munro
> >>
On 17/07/17 00:14, Stephen Frost wrote:
>> If it helps, we normally recommend that clients use ldaps for both AD
>> and UNIX environments, although this can be trickier from an
>> administrative perspective in AD environments because it can require
>> changes to the Windows firewall and
Magnus,
* Magnus Hagander (mag...@hagander.net) wrote:
> On Sun, Jul 16, 2017 at 11:05 PM, Stephen Frost wrote:
> > I'd suggest that we try to understand why Kerberos couldn't be used in
> > that environment. I suspect in at least some cases what users would
> > like is the
Mark,
* Mark Cave-Ayland (mark.cave-ayl...@ilande.co.uk) wrote:
> On 16/07/17 23:26, Thomas Munro wrote:
> > Thank you very much for this feedback and example, which I used in the
> > documentation in the patch. I see similar examples in the
> > documentation for other things on the web.
> >
>
On Mon, Jul 17, 2017 at 10:26 AM, Thomas Munro
wrote:
> ldap-search-filters-v2.patch
Gah, it would help if I could spell "occurrences" correctly. Fixed in
the attached.
--
Thomas Munro
http://www.enterprisedb.com
ldap-search-filters-v3.patch
Description:
On 16/07/17 23:26, Thomas Munro wrote:
> Thank you very much for this feedback and example, which I used in the
> documentation in the patch. I see similar examples in the
> documentation for other things on the web.
>
> I'll leave it up to Magnus and Stephen to duke it out over whether we
>
On Mon, Jul 17, 2017 at 5:58 AM, Mark Cave-Ayland
wrote:
>> Any other views from LDAP-users?
>
> I've spent quite a bit of time integrating various bits of
> non-PostgreSQL software to LDAP and in my experience option 3 tends to
> be the standard.
>
> Generally you
On Sun, Jul 16, 2017 at 11:05 PM, Stephen Frost wrote:
> Magnus, all,
>
> * Magnus Hagander (mag...@hagander.net) wrote:
> > (FWIW, a workaround I've applied more than once to this in AD
> environments
> > (where kerberos for one reason or other can't be done, sorry Stephen)
Magnus, all,
* Magnus Hagander (mag...@hagander.net) wrote:
> (FWIW, a workaround I've applied more than once to this in AD environments
> (where kerberos for one reason or other can't be done, sorry Stephen) is to
> set up a RADIUS server and use that one as a "middle man". But it would be
>
On 16/07/17 00:08, Thomas Munro wrote:
> On Fri, Jul 14, 2017 at 11:04 PM, Magnus Hagander wrote:
>> On Thu, Jul 13, 2017 at 9:31 AM, Thomas Munro
>> wrote:
>>> A post on planet.postgresql.org today reminded me that a colleague had
>>> asked
On Sun, Jul 16, 2017 at 1:08 AM, Thomas Munro wrote:
> On Fri, Jul 14, 2017 at 11:04 PM, Magnus Hagander
> wrote:
> > On Thu, Jul 13, 2017 at 9:31 AM, Thomas Munro
> > wrote:
> >> A post on
On Fri, Jul 14, 2017 at 11:04 PM, Magnus Hagander wrote:
> On Thu, Jul 13, 2017 at 9:31 AM, Thomas Munro
> wrote:
>> A post on planet.postgresql.org today reminded me that a colleague had
>> asked me to post this POC patch here for discussion.
On Thu, Jul 13, 2017 at 9:31 AM, Thomas Munro wrote:
> Hi hackers,
>
> A customer asked how to use pg_hba.conf LDAP search+bind
> authentication to restrict logins to users in one of a small number of
> groups. ldapsearchattribute only lets you make filters like
Hi hackers,
A customer asked how to use pg_hba.conf LDAP search+bind
authentication to restrict logins to users in one of a small number of
groups. ldapsearchattribute only lets you make filters like
"(foo=username)", so it couldn't be done. Is there any reason we
should allow a more general
34 matches
Mail list logo