curl-library

Re: [PATCH] OpenLDAP support

From: Howard Chu <hyc_at_highlandsun.com>
Date: Tue, 11 May 2010 07:41:21 -0700

Daniel Stenberg wrote:
> On Sat, 8 May 2010, Howard Chu wrote:
>
>> Also notice that going this route means you don't need a separate check for
>> ldaps support.
>
> Okay, I must say that this looks like a much better and cleaner LDAP approach
> than what we currently have.
>
> Do you think there's any value in keeping the old (current) way of doing LDAP,
> or does this patch imply that we just remove that part?

Maybe as a fallback, if someone really doesn't have the OpenLDAP libraries
available. Note that ldap_init_fd() was introduced in OpenLDAP 2.4, so anyone
using 2.3 or older and unable to install a current library would need the
older code. (Of course we're talking about a feature we released in February
2007; I don't spend a lot of time worrying about sites who still haven't
upgraded yet.)

I guess we could try to fit the old functionality into the new structure
somehow, even without ldap_init_fd(). E.g., we can use
ldap_get_option(LDAP_OPT_DESC) to get the descriptor of the underlying socket,
and replace the socket that libcurl already opened. So there would still be
two socket()/connect()s per session but we can close one and put libcurl back
in charge after that. That's been a feature of the LDAP API for ages, even
winldap supports it.

But winldap doesn't have any LDAP URL parsing functions, so you'd still need
to keep that code around.

winldap also doesn't support pluggable I/O layers, so you're stuck with using
SSPI if you actually want to support SSL there.

The Novell LDAP SDK doesn't support the ldap_get_option(LDAP_OPT_DESC) so
there's really no way to plug that in and give libcurl control. It appears
that they forked OpenLDAP back in 1999 and haven't adopted any of our work
since that time.

http://developer.novell.com/documentation/cldap/ldaplibc/data/a4or5jp.html

I'd say it's not worth worrying about since OpenLDAP builds on all of the
platforms that the Novell SDK supports. (And obviously, on many platforms that
Novell doesn't support, e.g. IBM OS/390 and z/OS, ARM Linux, etc. etc...)

The Mozilla LDAP SDK is going away; Mozilla is migrating to the OpenLDAP SDK.

So, the question is, what are you willing to support and maintain?

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
Received on 2010-05-11