[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: API Programming questions

To: "'Ugen'" <ugen@xonix.com>, "'Jody Hagins'" <jody@atdesk.com>
Subject: RE: API Programming questions
From: "Howard Chu" <hyc@highlandsun.com>
Date: Wed, 14 May 2003 13:27:42 -0700
Cc: <openldap-software@OpenLDAP.org>
Importance: Normal
In-reply-to: <3EC29CC3.5040106@xonix.com>

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Ugen

> Jody Hagins wrote:

> >1. I have spent two days reading tons of googled links about LDAP.
> >However, I have yet to find a good resource for learning how to write
> >OpenLDAP client software.  Where can I find such
> information?  The man
> >pages talk about each function in isolation (with minimal
> reference to
> >others), and the C++ doxygen comments provide some more information.
> >However, I can not find anything that describes the
> interaction between
> >all the API functions, and their common use.  I am not necessarily
> >looking for a free document, though I have yet to find a
> book that looks
> >like it is a C/C++ programmer's guide to writing OpenLDAP clients.

Most people learn quickly when following an example. The best way to learn
how to write OpenLDAP client software is to look at the source code for
existing OpenLDAP client software. Certainly it demonstrates the interaction
between all the API functions.

> >2. Most of my applications are reactive, so I want to use the
> >asynchronous interfaces.  However, I can not see how to tie that into
> >something like a select() based application.  Specifically,
> I do not see
> >a way to know when a reply is available.  For example, if the API
> >exposed a file descriptor, then I could add that file
> descriptor to my
> >select() loop, and when something is "ready" I could then call
> >ldap_result().  What am I missing, that would allow me to integrate
> >asynchronous OpenLDAP calls with my reactive application?

> Asynchronous LDAP calls do not necessarily coincide with
> socket IO. In fact
> single LDAP handle may try to open multiple sockets and do lots of
> "magic" stuff
> inside (when following referrals for instance). Your
> select/callback API
> would have to be integrated pretty well to do that. It is not
> impossible
> though
> and I've done it by hacking LDAP API but i would suggest avoiding it.
>
> Your best bet is not to do a select loop based application or dedicate
> a separate thread to LDAP and notify a select loop by using a pipe or
> some such.

It's hard to do event-driven code in Unix without select(); using a separate
thread with a notification pipe may be the best bet. Otherwise your only
choice is to use a timeout in the select() call and poll ldap_result() at
regular time intervals.

> >3. What is the difference between the various authentication
> >methodologies?  Is it possible to integrate with ssh type
> authentication
> >so that passwords do not have to be sent if the proper authentication
> >setup has been established (e.g., ssh into a remote machine
> without need
> >of password after proper setup)?
> >
> Too long to answer but in short there is no "ssh type" auth.
> There are other types
> but most do not work correctly (aside from simple). Last time
> i checked SASL was broken (though claimed to work).

Last time I checked SASL auth worked fine... What problems did you have, and
did you file a bug report?

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

Follow-Ups:
- Re: API Programming questions
  - From: Ugen <ugen@xonix.com>

References:
- Re: API Programming questions
  - From: Ugen <ugen@xonix.com>

Prev by Date: Re: slapindex benchmarks .
Next by Date: Re: API Programming questions
Index(es):
- Chronological
- Thread