Return-Path: Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 77436 invoked by uid 500); 14 Feb 2003 05:43:22 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 77275 invoked from network); 14 Feb 2003 05:43:21 -0000 Message-ID: <3E4C8202.6040100@sharp.fm> Date: Fri, 14 Feb 2003 07:43:30 +0200 From: Graham Leggett User-Agent: Mozilla/5.0 (X11; U; Linux ppc; en-US; rv:1.2) Gecko/20030110 X-Accept-Language: en-us, en MIME-Version: 1.0 To: dev@httpd.apache.org Subject: Re: Standarizing mod_auth_ldap across LDAP SDKs... References: In-Reply-To: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N Brad Nicholes wrote: > Over the last couple of weeks one of our Novell LDAP SDK engineers > took a look at mod_auth_ldap to try to standardize it across various > SDKs especially with regards to SSL. Cool! > - Added a support framework (using #defines) for multiple vendor LDAP > SDKs. The framework currently supports the SDKs from Novell, NetScape, > OpenLDAP, and Microsoft. (Spent significant time testing compiling and > running with the various SDKs on Win32. However, ran into problems with > Microsoft's SDK. It GPFs when doing an ldap_set_option.) The purpose of LDAP support being in apr-util is so that machine specific and SDK specific issues can be addressed there. The #defines you mention should not be in mod_ldap, they should rather be in apr-util. > - Removed the AuthLDAPStartTLS directive from mod_auth_ldap. The > AuthLDAPUrl directive is used to specify clear (ldap://) or SSL > (ldaps://) connections. I'm not clear on this one - is there not a difference between SSL (make secure connection and speak LDAP) and TLS (make an insecure connection and then say starttls to upgrade the connection to a secure one)? > I would like to commit these changes to the 2.1 tree as soon as > possible and also back port them to the 2.0 if acceptable. +1 on committing to v2.1 as soon as possible :) Regards, Graham -- ----------------------------------------- minfrin@sharp.fm "There's a moon over Bourbon Street tonight..."