[Fwd: Small addon to saslauthd ldap support to add native Solaris LDAP SSL (LDAPS) support]
Igor Brezac
igor at ipass.net
Thu Jan 24 22:46:17 EST 2008
Howard Chu wrote:
> Ken Murchison wrote:
>> Can one of the LDAP gurus take a look at this patch and let me know if
>> it looks sane, or if it can be rewritten to be smaller and/or leverage
>> more OpenLDAP code?
>>
> Well, the point is that it's trying to support the Solaris LDAP SDK,
> which is based on the ancient LDAPv2 API spec. If they're trying to
> use that, then they obviously can't leverage any OpenLDAP code.
>
> I glazed over a bit reading his ldap_initialize() wrapper. The rest
> looked ok, but I'm suspicious of his #ifdef'ing standard options like
> LDAP_OPT_TIMELIMIT. Those should be supported on all LDAP APIs. The
> only things that ought to need ifdef'ing are options with "_X_" in
> their name as those are extensions that were never mentioned in any
> API spec (draft or otherwise).
Configure script needs to be adjusted. In addition, ldapdb auxprop
plugin needs to be explicitly disabled if Solaris ldap sdk is found.
It'd be nice to update LDAP_SASLAUTHD as well.
Is there any reason they are not using openldap api? I do not think I
tried, but they should be able to connect to the solaris ldap server
using ldaps. Maybe Howard knows.
-Igor
More information about the Cyrus-sasl
mailing list