
Re: new feature: LDAP database name resolution

From: Andrew Dunstan <andrew(at)dunslane(dot)net>
To: Albe Laurenz <all(at)adv(dot)magwien(dot)gv(dot)at>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: new feature: LDAP database name resolution
Date: 2006-02-28 13:48:49
Message-ID: 440454C1.1050706@dunslane.net
Lists: pgsql-hackers

Albe Laurenz wrote:

>I am now in the process of writing a patch against CVS HEAD that
>changes fe-connect.c as follows:
>
>- If there is a 'service' option or PGSERVICE is set, AND the environment
>  PGLDAPSERVERS is set to a comma separated list of LDAP server URIs,
>  LDAP name resolution cuts in.
>- Before pg_services.conf is examined, the LDAP servers are contacted
>  in order until a connection can be established.
>- The server is queried for an entry whose distinguished name is
>  the value of 'service'. A certain attribute is retrieved.
>- The resulting string is parsed for options.
>- If that fails, pg_services.conf is read as fallback.
>
>I have added a configure option --with-openldap to enable the code.
>
>Does that make sense to you?
>
>Should I try to polish and test the code and submit it as a patch
>or is this a lost effort?
>
>Do you have ideas for improvement?


I would still much prefer to see remote config fetching done in a more 
general way, using say libcurl (which handles ldap just fine if openldap 
is available). Then we could fetch the config from a variety of sources, 
not just ldap. Libcurl uses a modified MIT license, so we should not 
have any problems on that score. And with luck it would involve less 
postgres code maintenance.

The blurb on the libcurl page at http://curl.haxx.se/libcurl/ says:

    libcurl is a free <http://curl.haxx.se/docs/copyright.html> and
    easy-to-use client-side URL transfer library, supporting FTP, FTPS,
    TFTP, HTTP, HTTPS, TELNET, DICT, FILE and LDAP. libcurl supports
    HTTPS certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form
    based upload, proxies, cookies, user+password authentication (Basic,
    Digest, NTLM, Negotiate, Kerberos4), file transfer resume, http
    proxy tunneling and more! 

    libcurl is highly portable, it builds and works identically on
    numerous platforms, including Solaris, NetBSD, FreeBSD, OpenBSD,
    Darwin, HPUX, IRIX, AIX, Tru64, Linux, UnixWare, HURD, Windows,
    Amiga, OS/2, BeOs, Mac OS X, Ultrix, QNX, OpenVMS, RISC OS, Novell
    NetWare, DOS and more...


cheers

andrew
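
The lookup order described in the quoted proposal (try the PGLDAPSERVERS entries in order until one connects, query that server, otherwise fall back to pg_services.conf), sketched as an added example that is not code from the patch or from libpq. The `lookup_fn` hook, `resolve_service`, `fake_lookup`, the URIs, the DN and the option string are all assumptions constructed for illustration; the hook stands in for the real LDAP query.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical lookup hook standing in for the LDAP query: 0 = entry found
 * (options copied to buf), -1 = server unreachable, -2 = connected, no entry. */
typedef int (*lookup_fn)(const char *uri, const char *service,
                         char *buf, size_t len);

/* Walk the comma-separated PGLDAPSERVERS list in order until one server
 * accepts a connection, then query only that server.  Returns 1 when options
 * were obtained, 0 when the caller should fall back to pg_services.conf. */
int resolve_service(const char *servers, const char *service,
                    lookup_fn lookup, char *out, size_t len)
{
    char list[512];
    if (!servers || !service || strlen(servers) >= sizeof list)
        return 0;
    strcpy(list, servers);
    for (char *uri = strtok(list, ","); uri; uri = strtok(NULL, ",")) {
        int rc = lookup(uri, service, out, len);
        if (rc == -1)
            continue;           /* no connection: try the next server */
        return rc == 0;         /* connected: use the entry or fall back */
    }
    return 0;                   /* no server reachable */
}

/* Constructed stand-in directory: the first server is down, the second
 * holds one entry.  URIs, DN and option string are sample values. */
int fake_lookup(const char *uri, const char *service, char *buf, size_t len)
{
    if (strcmp(uri, "ldap://ldap1.example.org") == 0)
        return -1;
    if (strcmp(service, "cn=mydb,dc=example,dc=org") != 0)
        return -2;
    snprintf(buf, len, "host=db.example.org port=5432 dbname=mydb");
    return 0;
}

int main(void)
{
    char opts[256];
    const char *servers = "ldap://ldap1.example.org,ldap://ldap2.example.org";
    if (resolve_service(servers, "cn=mydb,dc=example,dc=org",
                        fake_lookup, opts, sizeof opts))
        printf("options from LDAP: %s\n", opts);
    else
        printf("fall back to pg_services.conf\n");
    return 0;
}
```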
