[Date Prev][Date Next]
Re: SSL/GSSAPI for OpenLDAP
We need to sort out how much -llber should really know about the
streams it's reading/writing from. It's my view that it should
I'd like to reconsider the approach currently being taken to
implement security handlers in -llber. I think it might be
better to keep -llber independent of I/O details.
I'd like for -llber to updated to support a couple of simple
hooks for reading and writing data. We'd then remove all the
cruft concerning setting non-blocking i/o (which wouldn't be
required), data availability, etc. upon the hooks and the
caller of the lber routines. -llber, of course, should be
designed (and for the most part is) to handle both blocking
and non-blocking I/O, partial read/write completion, read/write
On the client side, -lldap would be responsible to hooking in
new routines to support TLS. This could be done immediately
in the case of LDAP over SSL or when appropriate for SASL/TLS.
On the server side, slapd would be responsible.
I would, of course, think it wise to provide a common set of
routines for handling I/O details. These could be placed in
I'll have to chew on the client-side dynamic module issues...