Re: Proposed Patch - LDAPS support for servers on port 636 w/o TLS

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: stephen layland <steve(at)68k(dot)org>, Postgres Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Proposed Patch - LDAPS support for servers on port 636 w/o TLS
Date: 2008-05-05 11:51:25
Message-ID: 20080505135125.5afaafb2@mha-laptop.hagander.net
Lists: pgsql-hackers

Tom Lane wrote:
> I think a better idea is to embed the flag in the pg_hba.conf entry
> itself. Perhaps something like "ldapso:" instead of "ldaps:" to
> indicate "old" secure ldap protocol, or include another parameter
> in the URL body.

FWIW, I'm working on a proposal to change how pg_hba.conf deals with
the parameter field to make it easier to do things like this, by
using a name/value pair setup instead. The LDAP url is one reason -
it's hacky enough already *before* we add this kind of option to it...

//Magnus
