curl-library

Re: [PATCH] OpenLDAP support

From: Howard Chu <hyc_at_highlandsun.com>
Date: Tue, 11 May 2010 17:30:40 -0700

Daniel Johnson wrote:
>
> On May 11, 2010, at 10:41 AM, Howard Chu wrote:
>
>> Daniel Stenberg wrote:
>>> On Sat, 8 May 2010, Howard Chu wrote:
>>>
>>>> Also notice that going this route means you don't need a separate check for
>>>> ldaps support.
>>>
>>> Okay, I must say that this looks like a much better and cleaner LDAP approach
>>> than what we currently have.
>>>
>>> Do you think there's any value in keeping the old (current) way of doing LDAP,
>>> or does this patch imply that we just remove that part?
>>
>> Maybe as a fallback, if someone really doesn't have the OpenLDAP libraries available. Note that ldap_init_fd() was introduced in OpenLDAP 2.4, so anyone using 2.3 or older and unable to install a current library would need the older code. (Of course we're talking about a feature we released in February 2007; I don't spend a lot of time worrying about sites who still haven't upgraded yet.)
>>
>> I guess we could try to fit the old functionality into the new structure somehow, even without ldap_init_fd(). E.g., we can use ldap_get_option(LDAP_OPT_DESC) to get the descriptor of the underlying socket, and replace the socket that libcurl already opened. So there would still be two socket()/connect()s per session but we can close one and put libcurl back in charge after that. That's been a feature of the LDAP API for ages, even winldap supports it.
>>
>> But winldap doesn't have any LDAP URL parsing functions, so you'd still need to keep that code around.
>>
>> winldap also doesn't support pluggable I/O layers, so you're stuck with using SSPI if you actually want to support SSL there.
>>
>> The Novell LDAP SDK doesn't support the ldap_get_option(LDAP_OPT_DESC) so there's really no way to plug that in and give libcurl control. It appears that they forked OpenLDAP back in 1999 and haven't adopted any of our work since that time.
>>
>> http://developer.novell.com/documentation/cldap/ldaplibc/data/a4or5jp.html
>>
>> I'd say it's not worth worrying about since OpenLDAP builds on all of the platforms that the Novell SDK supports. (And obviously, on many platforms that Novell doesn't support, e.g. IBM OS/390 and z/OS, ARM Linux, etc. etc...)
>>
>> The Mozilla LDAP SDK is going away; Mozilla is migrating to the OpenLDAP SDK.
>>
>> So, the question is, what are you willing to support and maintain?
>
> Just so you know, Mac OS X 10.6 comes with OpenLDAP 2.4, but 10.5 comes
> with 2.3. That means that libcurl ldap wouldn't work on anything but 10.6,
> and lots of people with older machines can't upgrade. It may not be
> important, but I just thought I'd mention it.

Hm, people with older machines can always download the current source code and
build libldap themselves. And I suspect they can get a current one from macports.

http://www.macports.org/ports.php?by=name&substr=openldap

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
Received on 2010-05-12