curl-library
Re: [PATCH] OpenLDAP support
Date: Tue, 11 May 2010 19:09:29 -0400
On May 11, 2010, at 10:41 AM, Howard Chu wrote:
> Daniel Stenberg wrote:
>> On Sat, 8 May 2010, Howard Chu wrote:
>>
>>> Also notice that going this route means you don't need a separate check for
>>> ldaps support.
>>
>> Okay, I must say that this looks like a much better and cleaner LDAP approach
>> than what we currently have.
>>
>> Do you think there's any value in keeping the old (current) way of doing LDAP,
>> or does this patch imply that we just remove that part?
>
> Maybe as a fallback, if someone really doesn't have the OpenLDAP libraries available. Note that ldap_init_fd() was introduced in OpenLDAP 2.4, so anyone using 2.3 or older and unable to install a current library would need the older code. (Of course we're talking about a feature we released in February 2007; I don't spend a lot of time worrying about sites who still haven't upgraded yet.)
>
> I guess we could try to fit the old functionality into the new structure somehow, even without ldap_init_fd(). E.g., we can use ldap_get_option(LDAP_OPT_DESC) to get the descriptor of the underlying socket, and replace the socket that libcurl already opened. So there would still be two socket()/connect()s per session but we can close one and put libcurl back in charge after that. That's been a feature of the LDAP API for ages, even winldap supports it.
>
> But winldap doesn't have any LDAP URL parsing functions, so you'd still need to keep that code around.
>
> winldap also doesn't support pluggable I/O layers, so you're stuck with using SSPI if you actually want to support SSL there.
>
> The Novell LDAP SDK doesn't support the ldap_get_option(LDAP_OPT_DESC) so there's really no way to plug that in and give libcurl control. It appears that they forked OpenLDAP back in 1999 and haven't adopted any of our work since that time.
>
> http://developer.novell.com/documentation/cldap/ldaplibc/data/a4or5jp.html
>
> I'd say it's not worth worrying about since OpenLDAP builds on all of the platforms that the Novell SDK supports. (And obviously, on many platforms that Novell doesn't support, e.g. IBM OS/390 and z/OS, ARM Linux, etc. etc...)
>
> The Mozilla LDAP SDK is going away; Mozilla is migrating to the OpenLDAP SDK.
>
> So, the question is, what are you willing to support and maintain?

Just so you know, Mac OS X 10.6 comes with OpenLDAP 2.4, but 10.5 comes with 2.3. That means that libcurl ldap wouldn't work on anything but 10.6, and lots of people with older machines can't upgrade. It may not be important, but I just thought I'd mention it.

Daniel
Received on 2010-05-12