Skip site navigation (1) Skip section navigation (2)

pgsql: Allow ldaps when using ldap authentication

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: pgsql-committers(at)postgresql(dot)org
Subject: pgsql: Allow ldaps when using ldap authentication
Date: 2018-01-03 15:14:24
Message-ID: E1eWkkK-00083z-1r@gemulon.postgresql.org (view raw, whole thread or download thread mbox)
Thread:
Lists: pgsql-committers
Allow ldaps when using ldap authentication

While ldaptls=1 provides an RFC 4513 conforming way to do LDAP
authentication with TLS encryption, there was an earlier de facto
standard way to do LDAP over SSL called LDAPS.  Even though it's not
enshrined in a standard, it's still widely used and sometimes required
by organizations' network policies.  There seems to be no reason not to
support it when available in the client library.  Therefore, add support
when using OpenLDAP 2.4+ or Windows.  It can be configured with
ldapscheme=ldaps or ldapurl=ldaps://...

Add tests for both ways of requesting LDAPS and a test for the
pre-existing ldaptls=1.  Modify the 001_auth.pl test for "diagnostic
messages", which was previously relying on the server rejecting
ldaptls=1.

Author: Thomas Munro
Reviewed-By: Peter Eisentraut
Discussion: https://postgr.es/m/CAEepm=1s+pA-LZUjQ-9GQz0Z4rX_eK=DFXAF1nBQ+ROPimuOYQ@mail.gmail.com

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/35c0754fadca8010955f6b10cb47af00bdbe1286

Modified Files
--------------
configure                     | 11 ++++++++
configure.in                  |  1 +
doc/src/sgml/client-auth.sgml | 50 ++++++++++++++++++++++++++---------
src/backend/libpq/auth.c      | 59 ++++++++++++++++++++++++++++++++++++-----
src/backend/libpq/hba.c       | 16 +++++++++++-
src/include/libpq/hba.h       |  1 +
src/include/pg_config.h.in    |  3 +++
src/test/ldap/t/001_auth.pl   | 61 ++++++++++++++++++++++++++++++++++++++++---
8 files changed, 178 insertions(+), 24 deletions(-)

Responses

pgsql-committers by date

Next:From: Tom LaneDate: 2018-01-03 17:35:26
Subject: pgsql: Teach eval_const_expressions() to handle some more cases.
Previous:From: Alvaro HerreraDate: 2018-01-03 15:09:56
Subject: Re: pgsql: Fix deadlock hazard in CREATE INDEX CONCURRENTLY

Privacy Policy | About PostgreSQL
Copyright © 1996-2018 The PostgreSQL Global Development Group