I found a small bug in the implementation of LDAP connection parameter lookup.
As documented in http://www.postgresql.org/docs/current/static/libpq-ldap.html processing should continue after a failed attempt to connect to an LDAP server. The code in src/interfaces/libpq/fe-connect.c defines a timeout of two seconds so that this failure won't block the libpq connection attempt for a long time.

As coded now, the timeout won't work - if the LDAP server is down, ldap_simple_bind will wait for the network timeout, which will be quite a bit longer than 2 seconds.

The attached patch ldap-bug.patch fixes this problem; unfortunately I found no way that works both with OpenLDAP and Windows LDAP, so I had to add an #ifdef. I think that this patch should be applied and backpatched.

I also tried to fix the problem mentioned in http://www.postgresql.org/message-id/CA+TgmoYnj=Es3L_0Q8+ijR4tVhvztW1fb=7c9k9gemzwqhp...@mail.gmail.com that we use deprecated OpenLDAP functions, see the attached ldap-undeprecate.patch. I added a file ldap.c in src/port with my own implementation of some of the functions that OpenLDAP has deprecated. With that, the code changes necessary are pretty minimal.

I guess it's too late for something like that to go into 9.3. Should I add it to the next commitfest?

Yours,
Laurenz Albe
ldap-undeprecate.patch
ldap-bug.patch
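The failure mode described in the message, where a dead LDAP server stalls the client far beyond the intended two seconds, can be illustrated without any LDAP library. The following is an added example, not part of the original post or of either attached patch: it substitutes a plain non-blocking TCP probe for the LDAP-level timeout, and the names probe_server, first_reachable and struct ldap_server, as well as the addresses in main, are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

#define LDAP_PROBE_TIMEOUT_MS 2000  /* the two-second budget named in the message */
struct ldap_server { const char *ip; unsigned short port; };  /* hypothetical type */

/* Hypothetical helper: returns 0 if ip:port accepts a TCP connection within
 * timeout_ms, -1 on refusal, error or deadline expiry. IPv4 literals only. */
int probe_server(const char *ip, unsigned short port, int timeout_ms)
{
    struct sockaddr_in sa = {0};
    struct pollfd pfd;
    int fd, rc, err = 0;
    socklen_t len = sizeof(err);

    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1 || (fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
        return -1;
    /* Non-blocking: connect() returns at once instead of waiting for the OS timeout. */
    if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0) { close(fd); return -1; }
    rc = connect(fd, (struct sockaddr *) &sa, sizeof(sa));
    if (rc < 0 && errno == EINPROGRESS)
    {
        pfd.fd = fd;
        pfd.events = POLLOUT;
        /* poll() enforces the deadline; SO_ERROR holds the real connect result.
         * An interrupted poll() is treated as a failed probe. */
        rc = (poll(&pfd, 1, timeout_ms) == 1 &&
              getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &len) == 0 && err == 0) ? 0 : -1;
    }
    close(fd);
    return rc;
}

/* Continue past servers that fail the probe; index of the first live one, or -1. */
int first_reachable(const struct ldap_server *s, int n)
{
    for (int i = 0; i < n; i++)
        if (probe_server(s[i].ip, s[i].port, LDAP_PROBE_TIMEOUT_MS) == 0)
            return i;
    return -1;
}

int main(void)
{   /* Constructed sample list: a TEST-NET address, then a local port. */
    struct ldap_server s[] = { {"192.0.2.1", 389}, {"127.0.0.1", 389} };
    printf("first reachable index: %d\n", first_reachable(s, 2));
    return 0;
}
```

A probe like this only bounds the TCP connect; the bind and search that follow need their own time limits.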