projects / users / rhaas / postgres.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 89333db) | patch
Remove unnecessary unbind in LDAP search+bind mode
authorPeter Eisentraut <peter@eisentraut.org>
Sun, 9 Jul 2023 06:22:34 +0000 (08:22 +0200)
committerPeter Eisentraut <peter@eisentraut.org>
Sun, 9 Jul 2023 06:51:46 +0000 (08:51 +0200)
commitf8d03ea727e48c894174c4e5e6ebafc3a17ab3f7
treebe1e69c5a7e81c800da5c867c4fbe6f6c973be32tree
parent89333db963af20988fc407463ea626b1c41404e8commit | diff
Remove unnecessary unbind in LDAP search+bind mode

Comments in src/backend/libpq/auth.c say: (after successfully finding
the final DN to check the user-supplied password against)

/* Unbind and disconnect from the LDAP server */

and later

/*
 * Need to re-initialize the LDAP connection, so that we can bind to
 * it with a different username.
 */

But the protocol actually permits multiple subsequent authentications
("binds") over a single connection.

So, it seems like the whole connection re-initialization thing was
just a confusion and can be safely removed, thus saving quite a few
network round-trips, especially for the case of ldaps/starttls.

Author: Anatoly Zaretsky <anatoly.zaretsky@gmail.com>
Discussion: https://www.postgresql.org/message-id/flat/CALbq6kmJ-1+58df4B51ctPfTOSyPbY8Qi2=ct8oR=i4TamkUoQ@mail.gmail.com
doc/src/sgml/client-auth.sgml diff | blob | blame | history
src/backend/libpq/auth.c diff | blob | blame | history
Robert Haas's development tree.