"Albe Laurenz" <all@adv.magwien.gv.at> writes:
> I am now in the process of writing a patch against CVS HEAD that
> changes fe-connect.c as follows:
> - If there is a 'service' option or PGSERVICE is set, AND the
> environment
> PGLDAPSERVERS is set to a comma separated list of LDAP server URIs,
> LDAP name resolution cuts in.
> - Before pg_services.conf is examined, the LDAP servers are contacted
> in order until a connection can be established.
> - The server is queried for an entry whose distinguished name is
> the value of 'service'. A certain attribute is retrieved.
> - The resulting string is parsed for options.
> - If that fails, pg_services.conf is read as fallback.
Uh, why is it a good idea to overload the "service" option like that?
ISTM it'd be less confusing to use a separate option. Further I suggest
that pg_service ought to be handled first, ie, it makes sense to me to
be able to put both the LDAP name and the LDAP server address(es) into a
pg_service.conf entry. The other way (LDAP pointing to pg_service.conf)
is clearly nonsensical, but that doesn't mean that they aren't useful
together.
regards, tom lane