On 1/2/18 14:56, Thomas Munro wrote:
>> A small point on the test changes. You change the test under
>> "diagnostic message", but I'm not sure why. Do the changes invalidate
>> the existing test?
>
> Yeah. In master, I was relying on the server rejecting ldaptls=1
> requests due to lack of configured certificate in order to generate a
> diagnostic message. Now that there is a certificate, I needed to find
> another way to get requests rejected with a diagnostic message. I
> have added a brief note to the commit message about this.
>
>> We should probably also add another "note" call to introduce the LDAPS
>> tests section.
>
> I realised that I should probably also include a new test for
> ldaptls=1, so that we can see that both ways of doing TLS are working.
> I added that test, and added a "note" to label the whole section as
> "TLS". Please see attached.

Committed. I added a test case for combining LDAPS with StartTLS. The
OpenLDAP library sensibly rejects that, so we don't need to do anything
ourselves to prevent that.

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services