apr-dev mailing list archives

From Graham Leggett <minf...@sharp.fm>
Subject Re: LDAP changes in apr-util 1.0.x
Date Thu, 06 Jan 2005 22:11:28 GMT
William A. Rowe, Jr. wrote:

> Wouldn't it be *much* more economical to do something similar
> to apr_procattr_t, where we set up all the choices beforehand,
> and can reuse the apr_ldapopt_t over and over on each ldap
> connection for options which do not change?

All the LDAP toolkits have this concept already - you just call 
ldap_set_option with a NULL ldap handle and you set system wide 
properties (like defaults, and SSL params).

The issue is the supporting of client certificates - which in some cases
(OpenLDAP, Microsoft) are set on a per connection basis (which makes the
most sense), and in other cases are set on a system wide sense (Novell
in my understanding).

Not only do we have to somehow handle this in APR, but we also need to 
handle this in httpd. Perhaps we need an httpd directive with global 
only scope that sets "system wide" certificates (AKA CA certs, but in 
the Novell case it could also be a client side cert valid system wide), 
as well as a local scoped per connection directive for "client
certificates" (i.e. a per connection client cert, supported by Microsoft
and OpenLDAP but fails with a graceful error on Novell).

Regards,
Graham