httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <minf...@sharp.fm>
Subject Re: Standarizing mod_auth_ldap across LDAP SDKs...
Date Fri, 14 Feb 2003 05:43:30 GMT
Brad Nicholes wrote:

>   Over the last couple of weeks one of our Novell LDAP SDK engineers
> took a look at mod_auth_ldap to  try to standardize it across various
> SDKs especially with regards to SSL.

Cool!

> - Added a support framework (using #defines) for multiple vendor LDAP
> SDKs.  The framework currently  supports the SDKs from Novell, NetScape,
> OpenLDAP, and Microsoft.  (Spent significant time testing  compiling and
> running with the various SDKs on Win32.  However, ran into problems with
> Microsoft's  SDK.  It GPFs when doing an ldap_set_option.)

The purpose of LDAP support being in apr-util is so that machine 
specific and SDK specific issues can be addressed there. The #defines 
you mention should not be in mod_ldap, they should rather be in apr-util.

> - Removed the AuthLDAPStartTLS directive from mod_auth_ldap.  The
> AuthLDAPUrl directive is used to  specify clear (ldap://) or SSL
> (ldaps://) connections.  

I'm not clear on this one - is there not a difference between SSL (make 
secure connection and speak LDAP) and TLS (make an insecure connection 
and then say starttls to upgrade the connection to a secure one)?

> I would like to commit these changes to the 2.1 tree as soon as
> possible and also back port them to  the 2.0 if acceptable.

+1 on committing to v2.1 as soon as possible :)

Regards,
Graham
-- 
-----------------------------------------
minfrin@sharp.fm		"There's a moon
					over Bourbon Street
						tonight..."


Mime
View raw message