Re: Document use of ldapurl with LDAP simple bind
From | Peter Eisentraut |
---|---|
Subject | Re: Document use of ldapurl with LDAP simple bind |
Date | |
Msg-id | 99058de4-bf2a-497a-91a3-537228ad143f@eisentraut.org |
In response to | Document use of ldapurl with LDAP simple bind (Jacob Champion <jacob.champion@enterprisedb.com>) |
Responses | Re: Document use of ldapurl with LDAP simple bind |
List | pgsql-hackers |

On 24.05.24 20:54, Jacob Champion wrote:
> Our documentation implies that the ldapurl setting in pg_hba is used
> for search+bind mode only. It was pointed out to me recently that this
> is not true, and if you're dealing with simple bind on a non-standard
> scheme or port, then ldapurl makes the HBA easier to read:
>
>     ... ldap ldapurl="ldaps://ldap.example.net:49151" ldapprefix="cn="
> ldapsuffix=", dc=example, dc=net"
>
> 0001 tries to document this helpful behavior a little better, and 0002
> pins it with a test. WDYT?

Yes, this looks correct. Since ldapurl is really just a shorthand that is expanded to various other parameters, it makes sense that it would work for simple bind as well.

hba.c has this error message:

    "cannot use ldapbasedn, ldapbinddn, ldapbindpasswd, ldapsearchattribute, ldapsearchfilter, or ldapurl together with ldapprefix"

This appears to imply that specifying ldapurl is only applicable for search+bind. Maybe that whole message should be simplified to something like

    "configuration mixes arguments for simple bind and search+bind"

(The old wording also ignores that the error might arise via "ldapsuffix".)
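
Added example, not part of the original message and not PostgreSQL's code: a small Python model of the point above, that ldapurl only expands into other options, so the bind mode follows from what the expanded set contains. The helper names, the URL field mapping (`ldap[s]://host[:port]/basedn?attribute?scope?filter`) and the sample option sets are assumptions for illustration; the mixed-configuration message uses the wording proposed in the reply.

```python
from urllib.parse import urlsplit, unquote

# Option groups as named in the hba.c message quoted above (plus ldapsuffix).
SIMPLE_BIND = {"ldapprefix", "ldapsuffix"}
SEARCH_BIND = {"ldapbasedn", "ldapbinddn", "ldapbindpasswd",
               "ldapsearchattribute", "ldapsearchfilter"}

def expand_ldapurl(url):
    """Expand an LDAP URL into the individual options it stands for (assumed mapping)."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError(f"unsupported LDAP URL scheme: {parts.scheme!r}")
    out = {"ldapscheme": parts.scheme}
    if parts.hostname:
        out["ldapserver"] = parts.hostname
    if parts.port:
        out["ldapport"] = str(parts.port)
    basedn = unquote(parts.path.lstrip("/"))
    if basedn:
        out["ldapbasedn"] = basedn
    fields = parts.query.split("?") if parts.query else []  # attribute?scope?filter
    if len(fields) > 0 and fields[0]:
        out["ldapsearchattribute"] = unquote(fields[0])
    if len(fields) > 2 and fields[2]:
        out["ldapsearchfilter"] = unquote(fields[2])
    return out

def classify(options):
    """Return (mode, effective_options); raise ValueError if the modes are mixed."""
    eff = dict(options)
    url = eff.pop("ldapurl", None)
    if url is not None:
        eff.update(expand_ldapurl(url))
    simple = sorted(SIMPLE_BIND & eff.keys())
    search = sorted(SEARCH_BIND & eff.keys())
    if simple and search:
        raise ValueError("configuration mixes arguments for simple bind and "
                         f"search+bind: {simple} vs {search}")
    if simple:
        return "simple bind", eff
    if "ldapbasedn" in eff:
        return "search+bind", eff
    raise ValueError("need ldapbasedn, ldapprefix, or ldapsuffix")

# Constructed sample option sets; the first mirrors the HBA line quoted above.
SIMPLE = {"ldapurl": "ldaps://ldap.example.net:49151",
          "ldapprefix": "cn=", "ldapsuffix": ", dc=example, dc=net"}
SEARCH = {"ldapurl": "ldap://ldap.example.net/dc=example,dc=net?uid?sub"}
MIXED = dict(SEARCH, ldapsuffix=", dc=example, dc=net")  # trips via ldapsuffix

if __name__ == "__main__":
    print(classify(SIMPLE)[0], "/", classify(SEARCH)[0])
```

A URL that carries only scheme, host and port contributes no search+bind option, which is why it combines cleanly with ldapprefix and ldapsuffix; once the URL includes a base DN, the same combination is rejected.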