Re: new feature: LDAP database name resolution

"Albe Laurenz" <all@adv.magwien.gv.at> writes:
> I am now in the process of writing a patch against CVS HEAD that
> changes fe-connect.c as follows:

> - If there is a 'service' option or PGSERVICE is set, AND the
> environment
>   PGLDAPSERVERS is set to a comma separated list of LDAP server URIs,
>   LDAP name resolution cuts in.
> - Before pg_services.conf is examined, the LDAP servers are contacted
>   in order until a connection can be established.
> - The server is queried for an entry whose distinguished name is
>   the value of 'service'. A certain attribute is retrieved.
> - The resulting string is parsed for options.
> - If that fails, pg_services.conf is read as fallback.

Uh, why is it a good idea to overload the "service" option like that?
ISTM it'd be less confusing to use a separate option.  Further I suggest
that pg_service ought to be handled first, ie, it makes sense to me to
be able to put both the LDAP name and the LDAP server address(es) into a
pg_service.conf entry.  The other way (LDAP pointing to pg_service.conf)
is clearly nonsensical, but that doesn't mean that they aren't useful
together.
        regards, tom lane