libpq: Set LDAP protocol version 3

petere · AndrewJackson2020 · petere · commit 5f19d13dfed3 · 2025-08-12T20:56:49.000+02:00
Some LDAP servers reject the default version 2 protocol. So set version 3 before starting the connection. This matches how the backend LDAP code has worked all along. Co-authored-by: Andrew Jackson <andrewjackson947@gmail.com> Reviewed-by: Pavel Seleznev <pavel.seleznev@gmail.com> Discussion: https://www.postgresql.org/message-id/flat/CAKK5BkHixcivSCA9pfd_eUp7wkLRhvQ6OtGLAYrWC%3Dk7E76LDQ%40mail.gmail.com
diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
@@ -5494,6 +5494,7 @@ ldapServiceLookup(const char *purl, PQconninfoOption *options,
 			   *entry;
 	struct berval **values;
 	LDAP_TIMEVAL time = {PGLDAP_TIMEOUT, 0};
+	int			ldapversion = LDAP_VERSION3;
 
 	if ((url = strdup(purl)) == NULL)
 	{
@@ -5625,6 +5626,15 @@ ldapServiceLookup(const char *purl, PQconninfoOption *options,
 		return 3;
 	}
 
+	if ((rc = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &ldapversion)) != LDAP_SUCCESS)
+	{
+		libpq_append_error(errorMessage, "could not set LDAP protocol version: %s",
+						   ldap_err2string(rc));
+		free(url);
+		ldap_unbind(ld);
+		return 3;
+	}
+
 	/*
 	 * Perform an explicit anonymous bind.
 	 *
