Added to TODO:
* Improve LDAP authentication configuration options
http://archives.postgresql.org/pgsql-hackers/2008-04/msg01745.php
---
steve layland wrote:
> Thank you all for your comm
Thank you all for your comments. I was unaware the ldaps: scheme was
not supposed to be used for LDAP+TLS encryption, but it makes sense now
that you mention it.
There's a nice discussion about how the folks working on mod_ldap for
Apache worked this out way back in 2005:
http://mail-archives.ap
Andreas Pflug wrote:
With ldaps on port 636 STARTTLS should NEVER be issued, so the
protocol identifier ldaps should be sufficient as a "do not issue
STARTTLS" flag. IMHO the current pg_hba.conf implementation doesn't
follow the usual nomenclature; ldap with TLS is still ldap. Using
ldaps as ind
Tom Lane wrote:
> I think a better idea is to embed the flag in the pg_hba.conf entry
> itself. Perhaps something like "ldapso:" instead of "ldaps:" to
> indicate "old" secure ldap protocol, or include another parameter
> in the URL body.
FWIW, I'm working on a proposal to change how pg_hba.conf
Tom Lane wrote:
stephen layland <[EMAIL PROTECTED]> writes:
I've written a quick patch against the head branch (8.4DEV, but it also
works with 8.1.3 sources) to fix LDAP authentication support to
work with LDAPS servers that do not need start TLS. I'd be interested
to hear your opinions on
stephen layland <[EMAIL PROTECTED]> writes:
> I've written a quick patch against the head branch (8.4DEV, but it also
> works with 8.1.3 sources) to fix LDAP authentication support to
> work with LDAPS servers that do not need start TLS. I'd be interested
> to hear your opinions on this.
Not bei
On Sat, Apr 26, 2008 at 11:02 AM, stephen layland wrote:
> I've written a quick patch against the head branch (8.4DEV, but it also
> works with 8.1.3 sources) to fix LDAP authentication support to
> work with LDAPS servers that do not need start TL
Hey Postgres Hackers,
this is my first time here, so... hi!
I've written a quick patch against the head branch (8.4DEV, but it also
works with 8.1.3 sources) to fix LDAP authentication support to
work with LDAPS servers that do not need start TLS. I'd be interested
to hear your opinions on this