Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wANpF-002KRE-1U for pgsql-hackers@arkaria.postgresql.org; Wed, 08 Apr 2026 07:59:49 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1wANpD-005x9T-2z for pgsql-hackers@arkaria.postgresql.org; Wed, 08 Apr 2026 07:59:48 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wANpD-005x9L-1t for pgsql-hackers@lists.postgresql.org; Wed, 08 Apr 2026 07:59:48 +0000 Received: from mail-yw1-x1131.google.com ([2607:f8b0:4864:20::1131]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.98.2) (envelope-from ) id 1wANpB-00000001GJ9-1XWp for pgsql-hackers@postgresql.org; Wed, 08 Apr 2026 07:59:47 +0000 Received: by mail-yw1-x1131.google.com with SMTP id 00721157ae682-79cd8f8e261so40731277b3.3 for ; Wed, 08 Apr 2026 00:59:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1775635183; cv=none; d=google.com; s=arc-20240605; b=fC/oP1LtzLcR0zuuvWcv/v6+gvjLZ7X/9wX0wt1fKBJr8+khZmTHncpH6tR01VCUXg 2dMvwoA0/dUC9ebnx+v39aKi5T6Cc3fowkdvk7XMIiH70YVPthwONYQ0WpJ7GvUXFmKv uQu9BNTZi/Tq9NC9fx+IhWBFZx17cIy5xRCSY5oRO8l/nh2//a3QpbMKt4BTCK88zngC DiGanHZo5Ttd24nn8wqyTSS6ItGtRXQrMnBBaPNRlEiamioqDMbNk0/tJgW8/fwwwmDR DBobSMIGs1ic/IkayPje8AX/tCadH/nbMUiH6Fxexw13GrpVZxCfLBMeJcTKh0hGiknL SBmg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=UKX+jFIXhQWpsY9SuRWPheJP/JZXsHfpmNOs3e1uK2A=; fh=+3TkLFNEXyq3ryilRORRy5Lv6q8O5LIUawjTyr1qY/Y=; b=eOlRdF7/J5i/+UmVJQkT+PFX2BfAaeUTBmXHbsMS8jb7Y+Cj1TuqNfvMDgebW+LB34 QRrblj9cjhibU3IczVawqXRuJXhukzHuQDFz0lFYwTMenNaafGaM6b6WZaQpRsfiqEIh mPKWsf5Ku/QIdpVwZncEp7pIeyoe2CNviUZ3F2iRMulhjSC3qdGCMwSNobuN/i9T7x7F dmDShieXvayVDXg6qM68qqc8nwTWvz2SOVahUs6u/20cEvxmCZqK+b9MPtpLUndyniVx cmkL0419D6nqGesk8H5IFbOooF77IOkCVO9RDW7rlvP/gKsezMR6pJ8XHTOeO8CiE1yJ Sa3g==; darn=postgresql.org ARC-Authentication-Results: i=1; mx.google.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=percona.com; s=google; t=1775635183; x=1776239983; darn=postgresql.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=UKX+jFIXhQWpsY9SuRWPheJP/JZXsHfpmNOs3e1uK2A=; b=RaBncHJJjK0N5yNNXTKe2oZRBNpTqvUtqox79DuMSLacF6MQHC5xnQyAZsNAMMmsqy rVEJUSWGzzdwbKRg0HtoVv6T7CqYj0z2dohhe/PFUJ1I29Zgk2lpr8iA09B2pha8u19B 8T6LF8fCqQly2+cHFpmTfUGIZgKwTQ/pUyRto= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775635183; x=1776239983; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=UKX+jFIXhQWpsY9SuRWPheJP/JZXsHfpmNOs3e1uK2A=; b=bKlAXL1QRCXuOClw+tCx/UWlilXBFHZ6+MPMixu3D0j1jgp1PRWxOa28zJ8ZIRjIAj 1qEcNOtW1kz/U48dnq4rffBUqPrCkCbBJFR31uK/LwUXxBD1FPwBuQlqf/BYbd7I68kS Ye7cyTTRSARHJ9nOgofePrI5YaL1Us+V00qFLKxEVB4V8kG0RwrOGeckY1QLyHC2lLwb XmtQoV/A8S7ReUjCbMwnZqCIU9OOMk9qgqZfxP3Lhs7bUzE/WskV4dPU7HkrrrTJSyU5 f3W4mVGSFBZaUp4su7pqaUDfONpoxRwaJg2hllxvyzhuVqQraPrxhGa+AshMgGtRPXzo t3Fg== X-Forwarded-Encrypted: i=1; AJvYcCW9bzcKXGXmt2Xx6nLL8xksOHseKjp9zIosq6fvCZr4Jh8fCye9NZJGz0Z+zIpo/SRT7I3+bCfKxZSUzGGX@postgresql.org X-Gm-Message-State: AOJu0Ywu6SDEAlwJeIMuuJgR4r3Q2rzJkzHhMWULJWOGNyo2VVy1HXSP Y9Dz/Bl/Jx8l/PaWOH1xRxXdcZczhD6+gWIYsXfDS6mX59dCSABAVI7bAM33QHdRrmX/S2cUmbK zNAtnUnWGNTIWwO+KWaeM6I0wnh33Z5CN5bROnMG2n9VvbfHqsrjaF7A5UDin8xJF1vTKDlaZAw r+F3QfYmx4eat4aEXo+khx0CRlquXo0JGqQou+4bM49eBFPpEAUAOqY2VIBYTM4Obw6thbi9Dfp VZkqYMb0pWDwqsVzGAwy9N3/CqhGUZ9Tjn+sIMtDfF/KleLrog= X-Gm-Gg: AeBDieumseRcXu7ySKLxSCQilLA2KQl51joNpLZLiNkR3AaDQ0zA09199EuteTNQbtS dTeXh6/fxyf8vdYJ8MTxZJW2DOL2tKbHj5UGEehcXQYuqyCFZSViOaC4eun9CGqu0U8wQkImTCO ZUgtIQsOG8lOKZIFlf/LVUF7vq/c4Dk5ZNdaJPv5wsIFW/02Cka4gFTCGGLguN27SofaMVltCXc A6hvRqajT8uPH1VDJgvGJTPxFfYaIypsITBJThNsYah4D39WlH7OLKDnoVZyX8k+8IhY7Aysekd Ztlhh5AfeMaVNHaJHEDLqMftBEbNkAmZyBo8Jc5oHEp4WgApR91VvzQw8f72F0nGq/xiCAzoXmB zY2U= X-Received: by 2002:a05:690c:dd5:b0:79f:2e53:8606 with SMTP id 00721157ae682-7a4d5c5e341mr206746087b3.41.1775635182838; Wed, 08 Apr 2026 00:59:42 -0700 (PDT) MIME-Version: 1.0 References: <9FF1E1E8-D9EE-43C5-ADFA-7AE94BA57159@yandex-team.ru> <3e670a40754bb687d163f21d82af96f059f3d472.camel@cybertec.at> <61724fbede15fd95ae29764037fbe71629a8f6d7.camel@cybertec.at> In-Reply-To: From: Zsolt Parragi Date: Wed, 8 Apr 2026 08:59:33 +0100 X-Gm-Features: AQROBzC3PORlLZaRVrCSXfDowfqwOLfaCi5E_BvdJ1OFsLOVe3letm5mlWGtRFI Message-ID: Subject: Re: Add ldapservice connection parameter To: Andrew Jackson Cc: Laurenz Albe , pgsql-hackers , Roman Khapov , niushiji@gmail.com, Andrey Borodin Content-Type: text/plain; charset="UTF-8" X-CLOUD-SEC-AV-Sent: true X-CLOUD-SEC-AV-Info: percona,google_mail,monitor X-Gm-Spam: 0 X-Gm-Phishy: 0 List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Hello + /* + * ldapServiceLookup has 4 potential return values. We only care here + * if it succeeded, if it failed we dont care why, return failure. + */ + if ((rc = ldapServiceLookup(ldapserviceurl, options, errorMessage)) != 0){ + + /* + * ldapServiceLookup == 2 is the only return code for libpq_append_error + * that does not append error because when used in pg_service.conf it is + * allowed to fallback to additional URLs without failing. + */ + if (rc == 2) + libpq_append_error(errorMessage, + "connection could not be established to ldapserviceurl: \"%s\"", + ldapserviceurl); + + return false; This comment seems to be confusing to me, at first I thought that it is the opposite of what the code below does, and then I realized that no, it's just difficult to understand. Maybe something like: /* * ldapServiceLookup() return code 2 means the LDAP server could * not be contacted. Unlike other non-zero returns, it does not * append an error message, because in pg_service.conf parsing * the caller silently falls back to the next URL. Here there is * no fallback, so we must provide an error message ourselves. */ + This option specifies an LDAP query that can be used to reference connection parameters + stored on an LDAP server. Any connection parameter that is looked up in this way is + overridden by explicitly named connection parameters or environment variables. This Is the environment variable part true? ldapServiceLookup is now at line 6765, environment variables are handled later at 6794 in conninfo_add_defaults, so it is later, but it also has a NULL check in it. If a value is already set in ldapServiceLookup, the environment variable loop later won't override it.