Re: [PATCH] Add an ldapoption to disable chasing LDAP referrals

Heya,

I see what you are saying, the problem as I see it is that the action we
are taking here is "disable chasing ldap referrals". If the name is
ldapreferrals and we use a boolean then setting it to 1 reads in a counter
intuitive manner:

"set ldapreferals=true to disable chasing LDAP referrals."

Perhaps you are fine with this though if it's documented? It does work in
the inverse way to pam_ldap, where setting to true enables referral
chasing. pam_ldap works like so:

not set : library default
set to 0 : disable referral chasing
set to 1 : enable referral chasing

The other option would be to have the default value (of the parameter) be
true and set the boolean to false to disable it. I can't find any other
examples of this though - I assume having a one off like this in the code
is a bad thing also?

I'm happy to let you guys decide.

Cheers,
James

James Sewell
PostgreSQL Team Lead / Solutions Architect
_____________________________________

[image:
http://www.lisasoft.com/sites/lisasoft/files/u1/2013hieghtslogan_0.png]

Level 2, 50 Queen St,
Melbourne, VIC, 3000

P: 03 8370 8000 F: 03 8370 8099 W: www.lisasoft.com

On Wed, Jul 3, 2013 at 6:12 PM, Magnus Hagander <magnus(at)hagander(dot)net> wrote:

>
> On Wed, Jul 3, 2013 at 3:04 AM, James Sewell <james(dot)sewell(at)lisasoft(dot)com>wrote:
>
>> Hey Peter,
>>
>> You are correct, it is the same as the referrals option in pam_ldap.
>> It's also the -C (sometimes -R - it seems ldapsearch options are pretty
>> non-standard) option in ldapsearch.
>>
>> As far as I'm aware you can't pass this in an LDAP URL, primarily because
>> this never gets sent to the LDAP server. The server always returns an LDIF
>> with inline references, this just determines if you chase them client side
>> or just list them as is.
>>
>> I could be missing something here, but using:
>>
>> ldapreferrals={0|1}
>>
>> Would require a three state type, as we need a way of not interfering
>> with the library defaults? To 'enable' the new behavior here using a
>> boolean you would need to set ldapreferrals=false - which with the normal
>> way of dealing with config booleans would alter the default behavior if the
>> option was not specified.
>>
>> How do you feel about:
>>
>> ldapdisablereferrals=(0|1)
>>
>>
> I agree with Peter that the negative thing is bad. l don't see the
> problem, really. If you don't specify it, you rely on library defaults. If
> you do specify it, we lock it to that setting. I don't see the need to
> specifically have a setting to rely on library defaults - just remove it
> from the line and you get that.
>
> --
> Magnus Hagander
> Me: http://www.hagander.net/
> Work: http://www.redpill-linpro.com/
>

--

------------------------------
The contents of this email are confidential and may be subject to legal or
professional privilege and copyright. No representation is made that this
email is free of viruses or other defects. If you have received this
communication in error, you may not copy or distribute any part of it or
otherwise disclose its contents to anyone. Please advise the sender of your
incorrect receipt of this correspondence.