On Mon, Sep 14, 2009 at 4:23 PM, Tom Lane <t...@sss.pgh.pa.us> wrote:
> Robert Fleming <flemi...@gmail.com> writes:
> > But I would like to authenticate to PostgreSQL using the "uid" LDAP
> > attribute,
>
> What value does that have that would justify doubling the time needed
> to authenticate? (I presume two LDAP requests will take about twice
> as long as one...)

That's just the way the company LDAP is set up -- it's out of my control unfortunately. Our schema used to have the uid in the DN, and I always wrote our enterprise software to just do the bind without a search. When the LDAP schema changed, my reaction was the same as yours, but when I saw that Bugzilla, MediaWiki, etc. accommodate it without flinching, I figured it wasn't too uncommon, so I changed my own software.

Other software that supports it: Tiki wiki, Apache's mod_authnz_ldap, ejabberd. I think I had to tweak some Perl for jabberd <jabberd.org> to handle it.

It might be twice as slow, but if PostgreSQL were smart or configurable enough, it could skip the search when not necessary. So performance needn't be impacted.

Robert