Re: DNS SRV support for LDAP authentication

On Sat, Feb 2, 2019 at 9:25 AM Graham Leggett <minfrin@sharp.fm> wrote:
> On 25 Sep 2018, at 04:09, Thomas Munro <thomas.munro@enterprisedb.com> wrote:
> > Some people like to use DNS SRV records to advertise LDAP servers on
> > their network.  Microsoft Active Directory is usually (always?) set up
> > that way.  Here is a patch to allow our LDAP auth module to support
> > that kind of discovery.
>
> Does this support SSL/TLS?

I didn't try it myself but I found several claims that it works.  I
see complaints that it always looks for _ldap._tcp and not _ldaps._tcp
as you might expect when using ldascheme=ldaps, but that doesn't seem
to be a big problem.  As for ldaptls=1, that must work because it
doesn't even negotiate that until after the connection is made.

-- 
Thomas Munro
http://www.enterprisedb.com