Define LDAPS_PORT if it's missing and disable implicit LDAPS on Windows
authorPeter Eisentraut <peter_e@gmx.net>
Thu, 4 Jan 2018 15:34:41 +0000 (10:34 -0500)
committerPeter Eisentraut <peter_e@gmx.net>
Thu, 4 Jan 2018 15:34:41 +0000 (10:34 -0500)
Some versions of Windows don't define LDAPS_PORT.

Also, Windows' ldap_sslinit() is documented to use LDAPS even if you
said secure=0 when the port number happens to be 636 or 3269.  Let's
avoid using the port number to imply that you want LDAPS, so that
connection strings have the same meaning on Windows and Unix.

Author: Thomas Munro
Discussion: https://postgr.es/m/CAEepm%3D23B7GV4AUz3MYH1TKpTv030VHxD2Sn%2BLYWDv8d-qWxww%40mail.gmail.com

src/backend/libpq/auth.c

index 3560edc33a0ad84bd410def6358b1edbb2d3026c..f327f7bb1bf7cb9c8e4a70af14780a8d724a7ab3 100644 (file)
@@ -2363,9 +2363,10 @@ InitializeLDAPConnection(Port *port, LDAP **ldap)
        if (scheme == NULL)
                scheme = "ldap";
 #ifdef WIN32
-       *ldap = ldap_sslinit(port->hba->ldapserver,
-                                                port->hba->ldapport,
-                                                strcmp(scheme, "ldaps") == 0);
+       if (strcmp(scheme, "ldaps") == 0)
+               *ldap = ldap_sslinit(port->hba->ldapserver, port->hba->ldapport, 1);
+       else
+               *ldap = ldap_init(port->hba->ldapserver, port->hba->ldapport);
        if (!*ldap)
        {
                ereport(LOG,
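Review bot: The Windows branch now calls `ldap_init()` for the non-`ldaps` case, but no comment says why `ldap_sslinit(..., 0)` was dropped, so a later cleanup could merge the two calls again and bring back the port-based implicit LDAPS that the commit message describes. I would add above the `if`: `/* Don't call ldap_sslinit() with secure=0: on Windows it still uses LDAPS when the port is 636 or 3269. */`. It also appears that a Windows configuration which relied on port 636 or 3269 alone will now attempt a plain LDAP connection, so the bind is only protected when `ldapscheme=ldaps` or `ldaptls` is set. That is inferred from the commit message rather than visible in the hunk, and it would be worth stating in the documentation or release notes. InitializeLDAPConnection begins before this hunk and the `ereport` call continues past it.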
@@ -2489,6 +2490,11 @@ InitializeLDAPConnection(Port *port, LDAP **ldap)
 #define LDAP_NO_ATTRS "1.1"
 #endif
 
+/* Not all LDAP implementations define this. */
+#ifndef LDAPS_PORT
+#define LDAPS_PORT 636
+#endif
+
 /*
  * Return a newly allocated C string copied from "pattern" with all
  * occurrences of the placeholder "$username" replaced with "user_name".