diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml
index 9fc583c..a0f1e8d 100644
--- a/doc/src/sgml/client-auth.sgml
+++ b/doc/src/sgml/client-auth.sgml
@@ -1520,6 +1520,15 @@ ldap://host[:port]/
+
+ ldapnochaseref
+
+
+ Set to 1 to disable chasing of any LDAP references which are returned
+ as part of the search.
+
+
+
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 415b614..a9b2e5c 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -2061,6 +2061,18 @@ InitializeLDAPConnection(Port *port, LDAP **ldap)
return STATUS_ERROR;
}
+ if (port->hba->ldapnochaseref)
+ {
+
+ if ((r = ldap_set_option(*ldap, LDAP_OPT_REFERRALS, LDAP_OPT_OFF)) != LDAP_SUCCESS)
+ {
+ ldap_unbind(*ldap);
+ ereport(LOG,
+ (errmsg("could not disable LDAP referral chasing: %s", ldap_err2string(r))));
+ return STATUS_ERROR;
+ }
+ }
+
if (port->hba->ldaptls)
{
#ifndef WIN32
diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c
index 91f6ced..54619a0 100644
--- a/src/backend/libpq/hba.c
+++ b/src/backend/libpq/hba.c
@@ -1529,6 +1529,14 @@ parse_hba_auth_opt(char *name, char *val, HbaLine *hbaline, int line_num)
else
hbaline->ldaptls = false;
}
+ else if (strcmp(name, "ldapnochaseref") == 0)
+ {
+ REQUIRE_AUTH_OPTION(uaLDAP, "ldapnochaseref", "ldap");
+ if (strcmp(val, "1") == 0)
+ hbaline->ldapnochaseref = true;
+ else
+ hbaline->ldapnochaseref = false;
+ }
else if (strcmp(name, "ldapserver") == 0)
{
REQUIRE_AUTH_OPTION(uaLDAP, "ldapserver", "ldap");
diff --git a/src/include/libpq/hba.h b/src/include/libpq/hba.h
index 73ae510..fe9e010 100644
--- a/src/include/libpq/hba.h
+++ b/src/include/libpq/hba.h
@@ -66,6 +66,7 @@ typedef struct HbaLine
char *usermap;
char *pamservice;
bool ldaptls;
+ bool ldapnochaseref;
char *ldapserver;
int ldapport;
char *ldapbinddn;