From: | Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at> |
---|---|
To: | "Magnus Hagander *EXTERN*" <magnus(at)hagander(dot)net> |
Cc: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: LDAP: bugfix and deprecated OpenLDAP API |
Date: | 2013-07-23 09:53:27 |
Message-ID: | A737B7A37273E048B164557ADEF4A58B17BF06C1@ntex2010a.host.magwien.gv.at |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Magnus Hagander wrote:
> In that case, doesn't this patch break Windows? We no longer do the
> anonymous bind on Windows, since it's now in the #ifdef HAVE_LIBLDAP.
>
> Don't we need to keep the ldap_simple_bind() call in the Windows case,
> or break it up so the call to ldap_sasl_bind_s() is moved outside the
> #ifdef? At least I can't find anything in the docs that indicate that
> ldap_connect() on Windows would actually call that for us - only the
> other way around?
This patch works for the Windows case, because ldap_connect performs
an anonymous bind, see
http://msdn.microsoft.com/en-us/library/windows/desktop/aa366171%28v=vs.85%29.aspx
If the call to ldap_connect succeeds, the client is connected
to the LDAP server as an anonymous user. The session handle
should be freed with a call to ldap_unbind when it is no longer required.
> I'm going to set this patch as returned with feedback for now, but
> please feel free to comment on above and possibly resubmit if
> necessary before the CF and I'll see if I can deal with it before the
> next CF anyway, as it's a bug fix.
The patch should still be good, but if we keep the deprecated
OpenLDAP API, it might be more consistent to use ldap_simple_bind_s
instead of ldap_sasl_bind_s.
If you agree, I'll change that.
Yours,
Laurenz Albe
From | Date | Subject | |
---|---|---|---|
Next Message | Marc Cousin | 2013-07-23 10:02:38 | Performance problem in PLPgSQL |
Previous Message | Andres Freund | 2013-07-23 08:51:28 | Re: changeset generation v5-01 - Patches & git tree |