[PATCH] Add an ldapoption to disable chasing LDAP referrals

From: James Sewell <james(dot)sewell(at)lisasoft(dot)com>
To: pgsql-hackers(at)postgresql(dot)org
Subject: [PATCH] Add an ldapoption to disable chasing LDAP referrals
Date: 2013-07-02 04:20:15
Message-ID: CANkGpBu2EkirC37h=xwLuB+peg8cHoaDX0yXWutsXijMPXLC7Q@mail.gmail.com
Lists: pgsql-hackers

Hey All,

This patch request grew from this post (of mine) to pgsql-general:

http://www.postgresql.org/message-id/CABUevEzouAe-g1_OejaGujjMem675DNYStwyBp4d_Wz6Om+fxA@mail.gmail.com

The patch adds another available LDAP option (ldapnochaseref) for
search+bind mode in the pg_hba.conf file. If set to 1 (0 is default) then it
performs a ldap_set_option which disables chasing of any LDAP references
which are returned as part of the search LDIF.

I can think of two use cases for this:

1. (the case which spawned my email) A valid search is performed, but
for some reason a "ref:" with a non responsive LDAP server is returned as
well, which causes the authentication to time out (could be intermittent if
DNS round robin or similar is used and some of the LDAP servers are not
functioning / a packet dropping firewall is in the way).
2. (a case I found when testing with AD) A valid search is performed and
6 "ref:" entries are returned, which all must be chased before
authentication can succeed. Setting ldapnochaseref speeds up authentication
with no negative cost (assuming you understand your LDAP schema).

I think it's worth noting that this setting seems to be the default for
ldapsearch on Linux these days.

Hopefully I found all the documentation that I was meant to update, let me
know if not though.

Cheers,

James Sewell
PostgreSQL Team Lead / Solutions Architect

Attachment Content-Type Size
pgsql_ldapnochaseref_v1.diff application/octet-stream 2.2 KB
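
To see which servers a referral-chasing client would have to contact in the two use cases described in the message, the "ref:" lines can be pulled out of saved ldapsearch output. This is an added example, not code from the post or the attached patch; the sample output and the names `unfold` and `summarize` are constructed for illustration.

```python
import base64
from urllib.parse import urlsplit

# Constructed sample of ldapsearch output (not taken from the post): one entry
# plus three search references, one of them folded across two lines.
SAMPLE = """\
dn: CN=jdoe,CN=Users,DC=example,DC=com
sAMAccountName: jdoe
# search reference
ref: ldap://ForestDnsZones.example.com/DC=ForestDnsZones,DC=example,DC=com

# search reference
ref: ldap://DomainDnsZones.example.com/DC=DomainDnsZones,DC=example,
 DC=com

# search reference
ref: ldap://example.com/CN=Configuration,DC=example,DC=com
"""

def unfold(text):
    """A line starting with one space continues the previous line (LDIF folding)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def summarize(text):
    """Return (entry count, referral URLs, (host, port) pairs a chasing client would contact)."""
    entries, refs = 0, []
    for line in unfold(text):
        if line.startswith("dn:"):
            entries += 1
        elif line.startswith("ref::"):  # base64-encoded value
            refs.append(base64.b64decode(line[5:].strip()).decode("utf-8"))
        elif line.startswith("ref:"):
            refs.append(line[4:].strip())
    hosts = []
    for url in refs:
        parts = urlsplit(url)
        hosts.append((parts.hostname, parts.port or (636 if parts.scheme == "ldaps" else 389)))
    return entries, refs, hosts

if __name__ == "__main__":
    entries, refs, hosts = summarize(SAMPLE)
    for host, port in hosts:
        print(f"referral would be chased to {host}:{port}")
```

Each host listed is a connection the authentication path depends on while referrals are chased, so an unreachable one is a candidate cause of the timeout described in the first use case.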
