| Lists: | pgsql-hackerspgsql-patches |
|---|
| From: | "Magnus Hagander" <mha(at)sollentuna(dot)net> |
|---|---|
| To: | "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | <pgsql-patches(at)postgresql(dot)org> |
| Subject: | Re: LDAP auth |
| Date: | 2006-03-05 20:11:00 |
| Message-ID: | 6BCB9D8A16AC4241919521715F4D8BCEA0F831@algol.sollentuna.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-hackers pgsql-patches |
> Awhile back, "Magnus Hagander" <mha(at)sollentuna(dot)net> wrote:
> > This patch adds native LDAP auth, for those platforms that
> don't have
> > PAM (such as Win32, but also unixen without PAM). On Unix, uses
> > OpenLDAP. On win32, uses the builin WinLDAP library.
>
> Is this patch still live, or do you want to withdraw it in
> light of the recent discussions about using libcurl?
I'm unsure wether libcurl does what we'd need, but I haven't looked into
the details (I did a very quick check on the web, but was unable to
quickly find what I was looking for).
Specifically, we want to just do an LDAP bind and not actually fetch
anything. Though I guess we could fetch the base DN without taking a lot
of performance...
Also, I'm unsure if they'll run with winldap on windows or add an extra
library dependence on openldap (which will cause problems when using
ldaps in windows, since you need a completely separate set of
certificates and stuff imported into openldap instead of using what
Windows alreayd set up for you). Their FAQ says they require openldap,
but a quick google shows maybe they don't.
Was there ever a decision in "the libcurl thread"? If we're going to
pull in libcurl as a dependency anyway, it would deifnitly be worthwhile
checking if we can use it here as well, if nothing else then just to get
rid of the configure steps. But if we don't use it elsewhere, I don't
see any reason to add an extra dependency.
//Magnus
| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Magnus Hagander" <mha(at)sollentuna(dot)net> |
| Cc: | pgsql-patches(at)postgresql(dot)org, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: [PATCHES] LDAP auth |
| Date: | 2006-03-05 20:20:43 |
| Message-ID: | 16389.1141590043@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-hackers pgsql-patches |
"Magnus Hagander" <mha(at)sollentuna(dot)net> writes:
> Was there ever a decision in "the libcurl thread"?
No, not yet.
Personally I'm unconvinced that we should depend on libcurl: if it's
going to use openldap to do LDAP work, then the only good reason to use
libcurl rather than openldap directly is if there's some clear use-case
for libcurl's other features. Which no one had presented AFAIR. I'm
still willing to be convinced though.
regards, tom lane
| From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
|---|---|
| To: | Magnus Hagander <mha(at)sollentuna(dot)net> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-patches(at)postgresql(dot)org |
| Subject: | Re: LDAP auth |
| Date: | 2006-03-06 02:09:36 |
| Message-ID: | 440B99E0.6030509@dunslane.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-hackers pgsql-patches |
Magnus Hagander wrote:
>>Awhile back, "Magnus Hagander" <mha(at)sollentuna(dot)net> wrote:
>>
>>
>>>This patch adds native LDAP auth, for those platforms that
>>>
>>>
>>don't have
>>
>>
>>>PAM (such as Win32, but also unixen without PAM). On Unix, uses
>>>OpenLDAP. On win32, uses the builin WinLDAP library.
>>>
>>>
>>Is this patch still live, or do you want to withdraw it in
>>light of the recent discussions about using libcurl?
>>
>>
>
>I'm unsure wether libcurl does what we'd need, but I haven't looked into
>the details (I did a very quick check on the web, but was unable to
>quickly find what I was looking for).
>
>Specifically, we want to just do an LDAP bind and not actually fetch
>anything. Though I guess we could fetch the base DN without taking a lot
>of performance...
>
>Also, I'm unsure if they'll run with winldap on windows or add an extra
>library dependence on openldap (which will cause problems when using
>ldaps in windows, since you need a completely separate set of
>certificates and stuff imported into openldap instead of using what
>Windows alreayd set up for you). Their FAQ says they require openldap,
>but a quick google shows maybe they don't.
>
>Was there ever a decision in "the libcurl thread"? If we're going to
>pull in libcurl as a dependency anyway, it would deifnitly be worthwhile
>checking if we can use it here as well, if nothing else then just to get
>rid of the configure steps. But if we don't use it elsewhere, I don't
>see any reason to add an extra dependency.
>
>
>
>
I suggested libcurl in another context, and not so much as a means of
getting at LDAP data as a means of getting config data from non-LDAP as
well as LDAP sources. If all we want is LDAP then using libcurl would
indeed be introducing an unnecessary dependency.
In this context, though, its use seems a bit odd.
cheers
andrew
| From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
| Cc: | Magnus Hagander <mha(at)sollentuna(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-patches(at)postgresql(dot)org |
| Subject: | Re: LDAP auth |
| Date: | 2006-03-06 02:11:17 |
| Message-ID: | 200603060211.k262BHW03930@candle.pha.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-hackers pgsql-patches |
Andrew Dunstan wrote:
> I suggested libcurl in another context, and not so much as a means of
> getting at LDAP data as a means of getting config data from non-LDAP as
> well as LDAP sources. If all we want is LDAP then using libcurl would
> indeed be introducing an unnecessary dependency.
>
> In this context, though, its use seems a bit odd.
Right, that's what I remember, the curl can _also_ be used to distribute
authentication data, but of course LDAP is more standard.
--
Bruce Momjian http://candle.pha.pa.us
SRA OSS, Inc. http://www.sraoss.com
+ If your life is a hard drive, Christ can be your backup. +