Define LDAPS_PORT if it's missing and disable implicit LDAPS on Windows

Some versions of Windows don't define LDAPS_PORT.

Also, Windows' ldap_sslinit() is documented to use LDAPS even if you
said secure=0 when the port number happens to be 636 or 3269.  Let's
avoid using the port number to imply that you want LDAPS, so that
connection strings have the same meaning on Windows and Unix.

Author: Thomas Munro
Discussion: https://postgr.es/m/CAEepm%3D23B7GV4AUz3MYH1TKpTv030VHxD2Sn%2BLYWDv8d-qWxww%40mail.gmail.com

1 files changed, 9 insertions, 3 deletions

diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 3560edc33a0..f327f7bb1bf 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -2363,9 +2363,10 @@ InitializeLDAPConnection(Port *port, LDAP **ldap)
 	if (scheme == NULL)
 		scheme = "ldap";
 #ifdef WIN32
-	*ldap = ldap_sslinit(port->hba->ldapserver,
-						 port->hba->ldapport,
-						 strcmp(scheme, "ldaps") == 0);
+	if (strcmp(scheme, "ldaps") == 0)
+		*ldap = ldap_sslinit(port->hba->ldapserver, port->hba->ldapport, 1);
+	else
+		*ldap = ldap_init(port->hba->ldapserver, port->hba->ldapport);
 	if (!*ldap)
 	{
 		ereport(LOG,
@@ -2489,6 +2490,11 @@ InitializeLDAPConnection(Port *port, LDAP **ldap)
 #define LDAP_NO_ATTRS "1.1"
 #endif
 
+/* Not all LDAP implementations define this. */
+#ifndef LDAPS_PORT
+#define LDAPS_PORT 636
+#endif
+
 /*
  * Return a newly allocated C string copied from "pattern" with all
  * occurrences of the placeholder "$username" replaced with "user_name".