From: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> |
---|---|
To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
Cc: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: support for LDAP URLs |
Date: | 2012-11-26 21:15:06 |
Message-ID: | 20121126211505.GE4227@alvh.no-ip.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Peter Eisentraut wrote:
> Here is a patch to support RFC 2255 LDAP URLs in pg_hba.conf. So,
> instead of, say
>
> host ... ldap ldapserver=ldap.example.net ldapbasedn="dc=example, dc=net" ldapsearchattribute=uid
>
> you could write
>
> host ... ldap lapurl="ldap://ldap.example.net/dc=example,dc=net?uid?sub"
Should we be referencing RFC 4516 instead?
I'm not very fond of the way this entry is worded:
> + <varlistentry>
> + <term><literal>ldapurl</literal></term>
> + <listitem>
> + <para>
> + You can write most of the LDAP options alternatively using an RFC 2255
> + LDAP URL. The format is
> +<synopsis>
> +ldap://[<replaceable>user</replaceable>[:<replaceable>password</replaceable>](at)]<replaceable>host</replaceable>[:<replaceable>port</replaceable>]/<replaceable>basedn</replaceable>[?[<replaceable>attribute</replaceable>][?[<replaceable>scope</replaceable>]]]
> +</synopsis>
> + <replaceable>scope</replaceable> must be one
> + of <literal>base</literal>, <literal>one</literal>, <literal>sub</literal>,
> + typically the latter. Only one attribute is used, and some other
> + components of standard LDAP URLs such as filters and extensions are
> + not supported.
> + </para>
It seems completely unlike the rest, and it doesn't read like a
reference entry. How about starting with para containing just "An RFC
4516 LDAP URL", or something like that, and then expanding on the
details of the format outside the <varlist>?
--
Álvaro Herrera http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
From | Date | Subject | |
---|---|---|---|
Next Message | Kevin Grittner | 2012-11-26 21:24:33 | Re: Materialized views WIP patch |
Previous Message | Tom Lane | 2012-11-26 21:10:48 | Re: Removing PD_ALL_VISIBLE |