Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: Why did CentOS 8.x curl drop ldap url support?
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Alex via curl-users <curl-users_at_lists.haxx.se>
Date: Fri, 1 Apr 2022 11:17:01 +0200
Hi.
On Thu, 31 Mar 2022 23:13:11 -0500
Jamshid Afshar via curl-users <curl-users_at_lists.haxx.se> wrote:
> I'm hoping someone on curl-users knows why CentOS 8, and probably
> RedHat 8.x, have dropped "ldap" support in their pre-installed curl?
> It now reports:
>
> curl: (1) Protocol "ldap" not supported or disabled in libcurl
>
> Was it a conscious decision, maybe to reduce attack surface, or save a
> few bytes?
>
> I should post this to a CentOS forum but I don't have much luck there.
>
> Curl's support for ldap is really helpful when diagnosing network and
> configuration issues. Remember ldap urls can include search
> parameters.
>
> I see ldap support is in Fedora's curl (see below tests using docker),
> so maybe support will come back to centos 8.x?
>
> Thanks,
> Jamshid
>
> ==========================
>
> # centos 8 curl dropped support for ldap, it is in centos 7.
> % docker run -ti centos:8 bash
> [root_at_d23ca25a38cb /]# curl ldap://openldap.example.com
> curl: (1) Protocol "ldap" not supported or disabled in libcurl
>
> [root_at_d23ca25a38cb /]# curl -V
> curl 7.61.1 (x86_64-redhat-linux-gnu) libcurl/7.61.1 OpenSSL/1.1.1g
> zlib/1.2.11 nghttp2/1.33.0
> Release-Date: 2018-09-05
> Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s
> rtsp smb smbs smtp smtps telnet tftp
> Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM
> NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy Metalink
>
> # Fedora still has ldap support, maybe that means it will come back in centos
> 8? % docker run -ti fedora:latest bash
> [root_at_5a056cca9b75 /]# curl ldap://openldap.example.com
> DN:
> objectClass: top
> objectClass: OpenLDAProotDSE
>
> [root_at_5a056cca9b75 /]# curl -V
> curl 7.79.1 (x86_64-redhat-linux-gnu) libcurl/7.79.1
> OpenSSL/1.1.1l-fips zlib/1.2.11 brotli/1.0.9 libidn2/2.3.2
> libpsl/0.21.1 (+libidn2/2.3.2) libssh/0.9.6/openssl/zlib
> nghttp2/1.45.1 OpenLDAP/2.4.59
> Release-Date: 2021-09-22
> Protocols: dict file ftp ftps gopher gophers http https imap imaps
> ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet
> tftp
> Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN
> IPv6 Kerberos Largefile libz NTLM NTLM_WB PSL SPNEGO SSL TLS-SRP
> UnixSockets
> [root_at_5a056cca9b75 /]#
Pay attention that Fedora have a initiative to reduce the default curl to a
curl minimal install which will not have ldap support by default.
https://lists.fedoraproject.org/archives/list/devel_at_lists.fedoraproject.org/thread/SH5WAIBVF7GVSKL2VPMSQKY7BB4QYEB5/
That's the info from Daniel about this topic.
https://daniel.haxx.se/blog/2022/03/16/fedora-and-curl-minimal/
Regards
Alex
Date: Fri, 1 Apr 2022 11:17:01 +0200
Hi.
On Thu, 31 Mar 2022 23:13:11 -0500
Jamshid Afshar via curl-users <curl-users_at_lists.haxx.se> wrote:
> I'm hoping someone on curl-users knows why CentOS 8, and probably
> RedHat 8.x, have dropped "ldap" support in their pre-installed curl?
> It now reports:
>
> curl: (1) Protocol "ldap" not supported or disabled in libcurl
>
> Was it a conscious decision, maybe to reduce attack surface, or save a
> few bytes?
>
> I should post this to a CentOS forum but I don't have much luck there.
>
> Curl's support for ldap is really helpful when diagnosing network and
> configuration issues. Remember ldap urls can include search
> parameters.
>
> I see ldap support is in Fedora's curl (see below tests using docker),
> so maybe support will come back to centos 8.x?
>
> Thanks,
> Jamshid
>
> ==========================
>
> # centos 8 curl dropped support for ldap, it is in centos 7.
> % docker run -ti centos:8 bash
> [root_at_d23ca25a38cb /]# curl ldap://openldap.example.com
> curl: (1) Protocol "ldap" not supported or disabled in libcurl
>
> [root_at_d23ca25a38cb /]# curl -V
> curl 7.61.1 (x86_64-redhat-linux-gnu) libcurl/7.61.1 OpenSSL/1.1.1g
> zlib/1.2.11 nghttp2/1.33.0
> Release-Date: 2018-09-05
> Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s
> rtsp smb smbs smtp smtps telnet tftp
> Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM
> NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy Metalink
>
> # Fedora still has ldap support, maybe that means it will come back in centos
> 8? % docker run -ti fedora:latest bash
> [root_at_5a056cca9b75 /]# curl ldap://openldap.example.com
> DN:
> objectClass: top
> objectClass: OpenLDAProotDSE
>
> [root_at_5a056cca9b75 /]# curl -V
> curl 7.79.1 (x86_64-redhat-linux-gnu) libcurl/7.79.1
> OpenSSL/1.1.1l-fips zlib/1.2.11 brotli/1.0.9 libidn2/2.3.2
> libpsl/0.21.1 (+libidn2/2.3.2) libssh/0.9.6/openssl/zlib
> nghttp2/1.45.1 OpenLDAP/2.4.59
> Release-Date: 2021-09-22
> Protocols: dict file ftp ftps gopher gophers http https imap imaps
> ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet
> tftp
> Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN
> IPv6 Kerberos Largefile libz NTLM NTLM_WB PSL SPNEGO SSL TLS-SRP
> UnixSockets
> [root_at_5a056cca9b75 /]#
Pay attention that Fedora have a initiative to reduce the default curl to a
curl minimal install which will not have ldap support by default.
https://lists.fedoraproject.org/archives/list/devel_at_lists.fedoraproject.org/thread/SH5WAIBVF7GVSKL2VPMSQKY7BB4QYEB5/
That's the info from Daniel about this topic.
https://daniel.haxx.se/blog/2022/03/16/fedora-and-curl-minimal/
Regards
Alex
-- Unsubscribe: https://lists.haxx.se/listinfo/curl-users Etiquette: https://curl.haxx.se/mail/etiquette.htmlReceived on 2022-04-01