
Re: SSL/GSSAPI for OpenLDAP



We need to sort out how much -llber should really know about the
streams it's reading/writing from.  It's my view that it should
know very little.

I'd like to reconsider the approach currently being taken to
implement security handlers in -llber.  I think it might be
better to keep -llber independent of I/O details.

I'd like for -llber to be updated to support a couple of simple
hooks for reading and writing data.  We'd then remove all the
cruft concerning setting non-blocking i/o (which wouldn't be
required), data availability, etc. upon the hooks and the
caller of the lber routines.  -llber, of course, should be
designed (and for the most part is) to handle both blocking
and non-blocking I/O, partial read/write completion, read/write
restart, etc.

On the client side, -lldap would be responsible for hooking in
new routines to support TLS.  This could be done immediately
in the case of LDAP over SSL or when appropriate for SASL/TLS.

On the server side, slapd would be responsible.

I would, of course, think it wise to provide a common set of
routines for handling I/O details.  These could be placed in
-llber.

I'll have to chew on the client-side dynamic module issues...

Kurt
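
A sketch of the read-hook design proposed in this message, as an added example that is not part of the original post and is not OpenLDAP code: a BER reader that knows nothing about its transport and survives partial reads and would-block restarts. All names (`io_read_fn`, `ber_reader`, `ber_fill`, `mem_read`, `demo`) are hypothetical, the sample PDU is constructed, and only single-octet tags with short-form lengths are assumed.

```c
#include <errno.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical hook, same contract as read(2); ctx is the transport's state. */
typedef ssize_t (*io_read_fn)(void *ctx, void *buf, size_t len);

typedef struct {
    io_read_fn rd; void *ctx;   /* installed by the caller (plain socket, TLS, ...) */
    unsigned char buf[2 + 127]; /* room for one short-form TLV */
    size_t have;                /* bytes buffered so far; kept across restarts */
} ber_reader;

/* Returns 1: complete TLV in buf; 0: hook would block, call again; -1: error/EOF. */
int ber_fill(ber_reader *r) {
    for (;;) {
        if (r->have >= 2 && (r->buf[1] & 0x80)) return -1; /* long form: out of scope */
        size_t need = r->have >= 2 ? 2 + (size_t)r->buf[1] : 2;
        if (r->have >= need) return 1;
        ssize_t n = r->rd(r->ctx, r->buf + r->have, need - r->have);
        if (n > 0) { r->have += (size_t)n; continue; }   /* partial read: keep going */
        if (n < 0 && (errno == EAGAIN || errno == EINTR)) return 0;
        return -1;
    }
}

/* Constructed test transport: short reads, and EAGAIN on every other call. */
typedef struct { const unsigned char *data; size_t len, pos, chunk; int stall; } mem_src;

static ssize_t mem_read(void *ctx, void *buf, size_t len) {
    mem_src *s = ctx;
    if ((s->stall ^= 1)) { errno = EAGAIN; return -1; }
    size_t n = s->len - s->pos;
    if (n > s->chunk) n = s->chunk;
    if (n > len) n = len;
    memcpy(buf, s->data + s->pos, n);
    s->pos += n;
    return (ssize_t)n;          /* 0 at end of data, i.e. EOF */
}

/* Feed the first `len` bytes of a constructed PDU; count would-block restarts. */
int demo(size_t len, int *restarts, size_t *got) {
    static const unsigned char pdu[] = { 0x30, 0x05, 0x02, 0x01, 0x01, 0x04, 0x00 };
    mem_src src = { pdu, len, 0, 3, 0 };
    ber_reader r = { mem_read, &src, {0}, 0 };
    int rc;
    for (*restarts = 0; (rc = ber_fill(&r)) == 0; ++*restarts) { }
    *got = r.have;
    return rc;
}
```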