On Sat, Feb 2, 2019 at 9:25 AM Graham Leggett <[email protected]> wrote: > On 25 Sep 2018, at 04:09, Thomas Munro <[email protected]> wrote: > > Some people like to use DNS SRV records to advertise LDAP servers on > > their network. Microsoft Active Directory is usually (always?) set up > > that way. Here is a patch to allow our LDAP auth module to support > > that kind of discovery. > > Does this support SSL/TLS?
I didn't try it myself but I found several claims that it works. I see complaints that it always looks for _ldap._tcp and not _ldaps._tcp as you might expect when using ldascheme=ldaps, but that doesn't seem to be a big problem. As for ldaptls=1, that must work because it doesn't even negotiate that until after the connection is made. -- Thomas Munro http://www.enterprisedb.com
