On Mon, Oct 21, 2013 at 3:31 PM, Albe Laurenz wrote:
> Peter Eisentraut wrote:
> >> --- 3511,3534
> >> }
> >>
> >> /*
> >> ! * Perform an explicit anonymous bind.
> >> ! * This is not necessary in principle, but we want to set a timeout
> >> ! * of PGLDAP_TIMEOUT seconds
On 1/31/14, 6:32 PM, Bruce Momjian wrote:
> On Mon, Oct 21, 2013 at 01:31:26PM +, Albe Laurenz wrote:
>> Bind attempts to an LDAP server should time out after two seconds,
>> allowing additional lines in the service control file to be parsed
>> (which provide a fall back to a secondary LDAP ser
On Mon, Oct 21, 2013 at 01:31:26PM +, Albe Laurenz wrote:
> Bind attempts to an LDAP server should time out after two seconds,
> allowing additional lines in the service control file to be parsed
> (which provide a fall back to a secondary LDAP server or default options).
> The existing code fa
Peter Eisentraut wrote:
>> --- 3511,3534
>> }
>>
>> /*
>> ! * Perform an explicit anonymous bind.
>> ! * This is not necessary in principle, but we want to set a timeout
>> ! * of PGLDAP_TIMEOUT seconds and return 2 if the connection fails.
>> ! * Unfortunately there
Peter Eisentraut wrote:
[good suggestions for improvement]
I'll send an updated patch on Monday.
Yours,
Laurenz Albe
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
On Tue, 2013-09-24 at 15:07 +, Albe Laurenz wrote:
> --- 3511,3534
> }
>
> /*
> ! * Perform an explicit anonymous bind.
> ! * This is not necessary in principle, but we want to set a timeout
> ! * of PGLDAP_TIMEOUT seconds and return 2 if the connection fails.
Abhijit Menon-Sen wrote:
> I read through the patch, and it looks sensible.
Thanks for the thorough review!
> I would have preferred the ldap_simple_bind_s() call in the HAVE_LIBLDAP
> branch to not be inside an else {} (the if block above returns if there
> is an error anyway), but that's a mino
At 2013-08-19 11:47:36 +, laurenz.a...@wien.gv.at wrote:
>
> To repeat: this fixes a bug in LDAP connection parameter lookup
Hi.
I read through the patch, and it looks sensible.
I would have preferred the ldap_simple_bind_s() call in the HAVE_LIBLDAP
branch to not be inside an else {} (the i
Magnus Hagander wrote:
>> The patch should still be good, but if we keep the deprecated
>> OpenLDAP API, it might be more consistent to use ldap_simple_bind_s
>> instead of ldap_sasl_bind_s.
>>
>> If you agree, I'll change that.
>
> Sorry, you got this one in just as my vacation started.
>
> Yes,
On Tue, Jul 23, 2013 at 11:53 AM, Albe Laurenz wrote:
> Magnus Hagander wrote:
>> In that case, doesn't this patch break Windows? We no longer do the
>> anonymous bind on Windows, since it's now in the #ifdef HAVE_LIBLDAP.
>>
>> Don't we need to keep the ldap_simple_bind() call in the Windows case
Magnus Hagander wrote:
> In that case, doesn't this patch break Windows? We no longer do the
> anonymous bind on Windows, since it's now in the #ifdef HAVE_LIBLDAP.
>
> Don't we need to keep the ldap_simple_bind() call in the Windows case,
> or break it up so the call to ldap_sasl_bind_s() is moved
On Mon, Jul 1, 2013 at 4:16 PM, Albe Laurenz wrote:
> Magnus Hagander wrote:
>> On Tue, Feb 5, 2013 at 10:39 AM, Albe Laurenz
>> wrote:
>>> I found a small bug in the implementation of LDAP connection
>>> parameter lookup.
>
> [...]
>
>>> As coded now, the timeout won't work - if the LDAP server
On Mon, Jul 1, 2013 at 4:18 PM, Albe Laurenz wrote:
> Peter Eisentraut wrote:
>> Btw., I just checked the source code of Apache, PHP, and PAM, and they
>> are all unconditionally building with LDAP_DEPRECATED. So maybe there
>> is no hurry about this.
>
> I don't think that the old API functions
Peter Eisentraut wrote:
> Btw., I just checked the source code of Apache, PHP, and PAM, and they
> are all unconditionally building with LDAP_DEPRECATED. So maybe there
> is no hurry about this.
I don't think that the old API functions will go away until there
is a new standard for the LDAP C API
Magnus Hagander wrote:
> On Tue, Feb 5, 2013 at 10:39 AM, Albe Laurenz wrote:
>> I found a small bug in the implementation of LDAP connection
>> parameter lookup.
[...]
>> As coded now, the timeout won't work - if the LDAP server
>> is down, ldap_simple_bind will wait for the network
>> timeout,
On 7/1/13 7:58 AM, Magnus Hagander wrote:
>> I also tried to fix the problem mentioned in
>> > http://www.postgresql.org/message-id/CA+TgmoYnj=Es3L_0Q8+ijR4tVhvztW1fb=7c9k9gemzwqhp...@mail.gmail.com
>> > that we use deprecated OpenLDAP functions, see the attached
>> > ldap-undeprecate.patch.
>> >
>
On Tue, Feb 5, 2013 at 10:39 AM, Albe Laurenz wrote:
> I found a small bug in the implementation of LDAP connection
> parameter lookup.
>
> As documented in
> http://www.postgresql.org/docs/current/static/libpq-ldap.html
> processing should continue after a failed attempt
> to connect to an LDAP s
On Tue, Feb 5, 2013 at 4:39 AM, Albe Laurenz wrote:
> I guess it's too late for something like that to go into 9.3.
> Should I add it to the next commitfest?
Bug fixes can go in pretty much whenever, but adding it to the next
CommitFest is a good way of backstopping it against the possibility
tha
I found a small bug in the implementation of LDAP connection
parameter lookup.
As documented in
http://www.postgresql.org/docs/current/static/libpq-ldap.html
processing should continue after a failed attempt
to connect to an LDAP server.
The code in src/interfaces/libpq/fe-connect.c defines a
tim
19 matches
Mail list logo
