On Tue, Feb 5, 2013 at 10:39 AM, Albe Laurenz <laurenz.a...@wien.gv.at> wrote:
> I found a small bug in the implementation of LDAP connection
> parameter lookup.
>
> As documented in
> http://www.postgresql.org/docs/current/static/libpq-ldap.html
> processing should continue after a failed attempt
> to connect to an LDAP server.
>
> The code in src/interfaces/libpq/fe-connect.c defines a
> timeout of two seconds so that this failure won't block
> the libpq connection attempt for a long time.
>
> As coded now, the timeout won't work - if the LDAP server
> is down, ldap_simple_bind will wait for the network
> timeout, which will be quite longer than 2 seconds.
>
> The attached patch ldap-bug.patch fixes this problem;
> unfortunately I found no way that works both with OpenLDAP
> and Windows LDAP, so I had to add an #ifdef.
>
> I think that this patch should be applied and backpatched.

So just to be clear - the difference is we're going from implicit anonymous bind, to an explicit one? We're not actually causing an extra bind compared to previous versions?

> I also tried to fix the problem mentioned in
> http://www.postgresql.org/message-id/CA+TgmoYnj=Es3L_0Q8+ijR4tVhvztW1fb=7c9k9gemzwqhp...@mail.gmail.com
> that we use deprecated OpenLDAP functions, see the attached
> ldap-undeprecate.patch.
>
> I added a file ldap.c in src/port with my own implementation
> of some of the functions that OpenLDAP has deprecated.
> With that, the code changes necessary are pretty minimal.

Doesn't this need a version check against OpenSSL at some point, or a configure check? Are we just assuming that all versions that people ever use have the function deprecated? (That's probably not entirely unreasonable, just double checking)

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/